This program will explain, clarify and demonstrate how to do a Risk Analysis in 6 complete steps:
Threats and Vulnerabilities
This lesson is designed to enable your Organization to perform a complete Risk Analysis of all PHI it creates, receives, maintains or transmits in any format. You will understand and identify threats, vulnerabilities and risks to your organization's PHI wherever it is located.
The Office for Civil Rights (OCR), the HIPAA enforcement arm of the U. S. Department of Health and Human Services (HHS) has recently announced alarming results of the Phase 2 Covered Entity HIPAA Compliance Audits. 94% failed the Risk Management Audit and 87% failed the Risk Analysis Audit! Every audited Covered Entity knew well in advance that it was on the short list to be audited, had completed pre-audit questionnaires and knew the exact questions it would be asked and documentation to be provided (audit protocols). Attend this session to learn how the Acts of HIPAA Risk Analysis – Risk Management, step-by-step, with the steps demonstrated and explained clearly in plain language. HIPAA Risk Analysis – Risk Management is the basis of your HIPAA Compliance Program. OCR rightly considers the most serious, most widespread HIPAA deficiency for Covered Entities and Business Associates – surpassing all others – is an organization's failure to perform a HIPAA Risk Analysis and implement a Risk Management program to address its Risks. The HIPAA Rules do not say how to do HIPAA Risk Analysis – Risk Management. OCR's limited 9 page guidance document refers organizations to technical procedures in manuals created by the National Institute of Standards and Technology (NIST) Computer Security Division and geared to "the computer security community". Several Federal "Security Risk Assessment Tools" are available, incomplete, cumbersome and have an explicit disclaimer – use of the tool does not guarantee compliance with federal, state or local laws. However, Federal Risk Analysis – Risk Management procedures are easy to follow, step-by-step, when you know the steps. This webinar explains and demonstrates those steps.
This webinar for HIPAA Covered Entities and Business Associates will explain:
1. What a complete HIPAA Risk Analysis – Risk Management program is and how to do one.
2. How to automate, simplify, document and complete your HIPAA Risk Analysis – Risk Management by an interactive, intuitive process:
A. To identify and analyze Risks to all Protected Health Information (PHI) – not just Electronic Protected Health Information (EPHI);
B. Manage Identified Risks; and
C. Implement your specific, customized Risk Management Plan.
3. Archive your Risk Analysis – Risk Management compliance for ready reference and inspection by OCR.
Craft your next HIPAA Risk Analysis – Risk Management from the data entered in archive – modify and supplement with no need to start from scratch.
Paul R. Hales received his Juris Doctor degree from Columbia University Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and business associates.