ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

2019 - Performing your Annual HIPAA Security Risk Assessment



VenueOnline, USA - United States USA - United States

KeywordsHIPAA Security Risk Assessment; Professionals training courses; Online professional trainings


Topics/Call fo Papers

In September of 2017, OCR shared preliminary results of their Phase 2, nation-wide, HIPAA Audits.
As it relates to HIPAA Security Risk Analysis and Management the results were pretty shocking.
OCR reported that 83% of those they audited had a score of "inadequate" or "failure" on their performance of an information security risk analysis while 94% had a score of "inadequate" or "failure" on their efforts of establishing or maintaining an information security risk management plan.
A couple months ago the OCR announced their $3.5 million settlement with Fresenius Medical Care North America (FMCNA). The main reason cited by the OCR was that Fresenius "failed to heed HIPAA’s risk analysis and risk management rules." OCR Director Roger Severino had some very clear and strong words about the importance of performing a HIPAA Security Risk Analysis.
He said, "The number of breaches, involving a variety of locations and vulnerabilities, highlights why there is no substitute for an enterprise-wide risk analysis for a covered entity. Covered entities must take a thorough look at their internal policies and procedures to ensure they are protecting their patients' health information in accordance with the law."
Why should you Attend
HIPAA enforcement is on the rise. The primary enforcement body is the U.S. Health and Human Services (HHS) Office for Civil Rights (OCR).
They've warned that the most common HIPAA compliance error they consistently see is failure to perform an adequate HIPAA Security Risk Analysis. If health care organizations participated in Meaningful Use or MACRA (The Medicare Access and CHIP Reauthorization Act of 2015) then they are required to annually certify to performing a HIPAA Security Risk Analysis.
Even if an organization did not participate in these programs, if they are required to comply with HIPAA then they need to perform this analysis periodically.
Areas Covered in the Session
Recent enforcement and fines resulting from HIPAA Security Risk Analysis failures
Outlook of future enforcement
HIPAA Security Risk Analysis requirements
How to perform a HIPAA Security Risk Analysis
Remediating findings from the risk analysis
Who Will Benefit
Any Healthcare Organization that is required to follow HIPAA
Physician Practices Participating in MACRA
Hospitals and Organizations that Accepted Government Financial Incentives to Implement Electronic Health Records
Compliance Officer
HIPAA Privacy and Security Officers

Last modified: 2019-01-11 19:02:46