ComplianceOnline

Register

Toll Free: +1-888-717-2436


customer care
Fax: +1-650-963-2556
Email: editor@complianceonline.com
Read Frequently Asked Questions

Risk Analysis Without Fear: Satisfying HIPAA & Meaningful Use Requirements for Privacy and Security

Buy Now Section

This HIPAA risk analysis webinar will discuss how to go about a Risk Analysis for HIPAA, how to use Risk Analysis to prioritize your security efforts and how risk Analysis can help you win stimulus funding and avoid penalties.

Speaker
Instructor: Jim Sheldon-Dean
Product ID: 702023

Why Should You Attend:

Health Care entities are subject to a number of standards and regulations that require them to assess the risks to the personal and private information of their patients and take steps to reduce those risks where they can. Also now, new enforcement regulations for HIPAA include significant penalties starting at $10,000 for willful neglect of compliance, so even if a HIPAA covered entity doesn't want to accept funding for adopting an EHR or accept payment cards for services paid by the individual, it risks significant penalties if it hasn't performed a proper security risk analysis.  If a healthcare organization hasn't yet performed an information security risk analysis, the time is now.

But Performing a HIPAA Risk Analysis can be a confusing, expensive, and time consuming process, but it doesn't have to be.  By following a defined process that finds and focuses on the most significant risks, it is possible to make risk analysis easier and more effective, while meeting the requirements of Federal and state governments and the Payment Card Industry.

This session will present the background of the regulations and standards that call for information security risk analysis and show how it fits in to an overall information security management process.  The risk analysis process will be presented within the context of the overall risk prioritization and risk mitigation process, using an example carried through the discussion.

The Information Security Risk Analysis Process presented utilizes a non-technical approach, involving interviewing staff knowledgeable about operations and systems to discover how information is retained and moved, and reveal the risks inherent in such storage and transmission.  Areas of high risk, as identified by respected industry organizations, will be identified to ensure that the most significant risks are discovered and adequately prioritized.

Learning Objectives:

Areas Covered in the Seminar:

Free Handouts:

Attendees will receive Three sample templates (for educational purposes only) will be provided, for System Risk Assessment, for Risk Analysis, and for an Organization Control Plan

Who Will Benefit:

Instructor Profile:

Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates.  He serves on the HIMSS Information Systems Security Workgroup, co-chairs the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates and Privacy and Security Meaningful Use sub-workgroups.  He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of New York City, New York State, Virginia, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania.  Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development.  His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems.  In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician.  Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

Topic Background:

Health Care providers are subjected to a number of standards and regulations that require them to assess the risks to the personal and private information of their patients and take steps to reduce those risks.  In particular, the HIPAA Security Rule and the PCI Data Security Standard for payment card information both require a thorough and complete risk analysis.  In addition, if health care providers want to receive funding from the Federal government for the adoption of Electronic Health Records, one of the required standards for meaningful use is to protect the privacy and security of patient information by performing a risk analysis consistent with the requirements of the HIPAA Security Rule.  And, new enforcement regulations for HIPAA include significant penalties starting at $10,000 for willful neglect of compliance, so even if a HIPAA covered entity doesn't want to accept funding for adopting an EHR or accept payment cards for services paid by the individual, it risks significant penalties if it hasn't performed a proper security risk analysis.  If a healthcare organization hasn't yet performed an information security risk analysis, the time is now.

HITECH requires the Department of Health and Human Services (HHS) to formally investigate and complaint where a preliminary investigation of the facts indicates a possible violation due to “willful neglect.” HHS is required to impose a minimum fine of $10,000 where “willful neglect” is found.“Willful Neglect” is defined by the HIPAA Regulations as a conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated. HHS could cause a violation to be classified as “willful neglect” if the healthcare practitioner did nothing as far as trying to comply with the HITECH laws. (This could include such things as not drafting policies and procedures in a written format, etc.)

The Information Security Risk Analysis Process involves interviewing staff knowledgeable about operations and systems to discover how information is retained and moved, and reveal the risks inherent in such storage and transmission.  Interview content is organized as departmental stories that are successively refined into process descriptions, lists of information in place or in motion, diagrams of information flows, and lists of information systems and flows to be assessed for risks.  Risk issues and recommendations for each system or information flow can then be described and organized into a table that is used to define the risks and prioritize their mitigation, using a straightforward high-medium-low stratification of potential likelihood and impact for each risk issue, following the risk determination method identified in the preamble to the HIPAA Security Rule and guidance from the US Department of Health and Human Services.

Bookmark and Share
Refund Policy
"Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from date of issuance.
ComplianceOnline would process/provide refund only if the Live Webinar has been cancelled. The attendee could choose between the recorded version of the webinar or refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange. Webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24hours in advance if a cancellation occurs."
For substitution, please email editor@complianceonline.com or call +1-650-620-3937.

Ensuring Compliance with Advertising and Promotional Requirements for Drugs and Medical Devices - 80066SEM
Building a Sustainable Validation Program from - 80147SEM

This training hasn't been reviewed yet.

Review this training

Training Options Training Duration = 90 Min
$249.00 Access Recorded Version Only
One Person - Unlimited viewing for 6 Months
(For multiple licenses contact Customer Care)
Recorded Link and Ref. material will be available in My CO Section
$399.00 Get Training CD Only
One CD is for usage in one location only.
(For multiple locations contact Customer Care)
CD and Ref. material will be shipped within 15 business days