HIPAA Risk Analysis

Duration 90 Mins
Level Basic & Intermediate & Advanced
Webinar ID IQW20G0750

  • What is a risk analysis
  • Why must you conduct (and update) a risk analysis
  • The penalties for not conducting a written risk analysis
  • Who should conduct the risk analysis
  • What assets or activities should you perform risk analysis of
  • What tools are available to help conduct a risk analysis
  • How to determine what risks exist
  • How to quantify the risks—how likely are they to occur and how serious are they
  • How to select reasonable, appropriate, and cost-effective security measures
  • How to document your risk analysis
  • When to update your risk analysis

Overview of the webinar

  • Introduction—the current state of HIPAA enforcement
  • What is risk analysis
  • The requirement to perform risk analysis
  • Sanctions for failure to perform risk analysis
  • How to conduct risk analysis
  • Assemble a good team
  • Identify assets
  • Determine risks to those assets
  • Quantify risks to those assets
  • Select reasonable, appropriate, and cost-effective security measures
  • Test and revise your security measures
  • The requirement to update your risk analysis
  • The requirement to document your risk analysis

Who should attend?

  • Privacy Officers
  • Security Officers
  • Compliance Officers
  • Medical Records Administrators
  • Health Information Management Directors
  • Office Managers
  • Heads of Practices
  • Healthcare In-House Counsel
  • HIPAA consultants

Why should you attend?

  • Risk analysis is the key to implementing reasonable cost-effective security measures
  • Risk analysis is required by the HIPAA Security Rule
  • Risk analysis is how to determine whether you must implement an addressable implementation specification, such as encryption
  • And failure to conduct and update risk analyses is the single biggest cause of civil money penalties imposed by Health and Human Services, of up to several million dollars
  • Any breach resulting from failure to conduct a risk analysis constitutes willful neglect, which carries the highest fines and must be investigated by HHS
  • And failure to conduct one has other effects as well—remediation and mitigation (lessening the harm of) costs, bad publicity, lost business and the like
  • HIPAA does not specify how to do a risk analysis

Faculty - Mr. Jonathan P. Tomes

Jonathan P. Tomes is a national HIPAA compliance consultant and attorney admitted in Illinois, Missouri, Kansas, and Oklahoma who practices in Kansas City, Kansas, and the greater Kansas City area. After he had retired from the U.S. Army as a JAGC officer, having been a military judge (which taught him how to read and interpret government regulations) and having spent several years as a military intelligence officer (which taught him about gathering and using information), he taught law at IIT Chicago-Kent College of Law before he opened his own private law practice. Mr. Tomes is President of EMR Legal, a national HIPAA compliance consulting firm. EMR Legal has consulted and trained over 1,000 HIPAA clients since 1998, ranging from Federal, State and County governments to large hospitals to small practices. Jon is currently working on an online HIPAA training video and an online HIPAA risk assessment.

07-30-2020 - HIPAA Risk Analysis.pdf