HIPAA Risk Analysis Examples 2015 - HIPAA Risk Analysis Examples - Practical Application of Methods
Date2015-02-17
Deadline2015-02-16
VenueOnline event, USA - United States
KeywordsHealthcare hipaa training; Online healthcare courses; Online healthcare training
Websitehttps://bit.ly/1D8SbgD
Topics/Call fo Papers
Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures, but also that you ensure you have the right policies, procedures, and documentation, and have performed the appropriate analysis of the risks to the confidentiality, integrity, and availability of electronic Protected Health Information.
Using Risk Analysis can help you make defensible, documented decisions about your compliance in a variety of circumstances, for a variety of regulations. Risk Analysis is the key to making your health information privacy and security regulatory compliance work more sensible as well as defensible.
HIPAA enforcement is on the increase and random audits of HIPAA compliance have begun. In addition, audits of Meaningful Use attestations are examining compliance with Objective 15, which calls for a HIPAA Security Rule risk analysis. Failures in any of these reviews or audits can lead to significant penalties and fines. Your HIPAA Covered Entity or Business Associate needs to have the right reviews and documentation right now.
There are tools freely available that can help in the performance of a Risk Analysis, but a risk analysis takes more than tools, it takes an understanding of what to examine and how to consider what you find, to create a coherent analysis of the risks to your electronic PHI. This session will focus on how you can use the tools as part of an analysis process to give you actionable plans and documentation of considerations made in the process.
If you don't take the proper steps to ensure your patients' health information is being protected according to the HIPAA Security Rule, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, providing good information security and being in compliance are more important than ever, and a good Risk Analysis is key to that compliance.
We will also discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and business associates. We will explain the recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. We will explore what kind of issues and what kind of entities had the most problems, and show where entities need to improve their compliance the most, and also explore the typical risk issues that lead to breaches of health information and see how those issues may be a target for auditors in 2015.
The results of prior enforcement actions and HHS audits (and their penalties), especially those relating to Risk Analysis, will be discussed, including recent actions involving multi-million dollar fines and settlements. In addition, new trends in information security risks will be discussed so you can start to plan for the work you'll need to do to stay in compliance and keep patient information private and secure.
Why should you attend: The HIPAA Security Rule calls for identification of risks through a risk analysis that considers all of your electronic information, from fax machines and voicemail, to servers and systems. Once those risks are identified, the rules require you to mitigate the identified risks. All of this depends on knowing what to do to create a risk analysis that will guide your security compliance efforts and help you avoid penalties in the event of incidents and breaches.
The meaningful use requirements also require eligible hospitals and eligible professionals to conduct or review a HIPAA Security Rule risk assessment of the certified electronic health record (EHR) technology annually, and implement security updates and correct identified security deficiencies as part of its risk management process. And the policies reviewed, risk analysis performed, and mitigation actions taken must all be documented so that they can withstand the scrutiny of investigators from the US Department of Health and Human Services.
Compliance with HIPAA Rules requires being able to make decisions about how to implement the rules in your own circumstances, and using a risk analysis approach can make that process more logical and better documented. The HIPAA Security Rule requires that all entities periodically evaluate the risks to the confidentiality, integrity, and availability of Protected Health Information, and the rules are backed up by new fines, and penalties, and a new enforcement effort. The changes to the rules create new challenges for HIPAA entities, and new risks for non-compliance and penalties.
Areas Covered in the Session:
What the HIPAA Security Rule requires
What Meaningful Use Objective 15 requires
What a good risk analysis is and isn't
Risk Analysis tools and methods
The policies you should have for security compliance
Finding and filling any gaps in your policies and procedures
How to perform risk assessment and analysis
Planning the continuing management of your risks
Planning your next reviews and your information security management process
Who Will Benefit:
Compliance Director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Contracts Manager
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
MentorHealth
Roger Steven
contact no: 8003851607
fax no: 302-288-6884
Event Link:http://bit.ly/1D8SbgD
webinars-AT-mentorhealth.com
www.mentorhealth.com
Using Risk Analysis can help you make defensible, documented decisions about your compliance in a variety of circumstances, for a variety of regulations. Risk Analysis is the key to making your health information privacy and security regulatory compliance work more sensible as well as defensible.
HIPAA enforcement is on the increase and random audits of HIPAA compliance have begun. In addition, audits of Meaningful Use attestations are examining compliance with Objective 15, which calls for a HIPAA Security Rule risk analysis. Failures in any of these reviews or audits can lead to significant penalties and fines. Your HIPAA Covered Entity or Business Associate needs to have the right reviews and documentation right now.
There are tools freely available that can help in the performance of a Risk Analysis, but a risk analysis takes more than tools, it takes an understanding of what to examine and how to consider what you find, to create a coherent analysis of the risks to your electronic PHI. This session will focus on how you can use the tools as part of an analysis process to give you actionable plans and documentation of considerations made in the process.
If you don't take the proper steps to ensure your patients' health information is being protected according to the HIPAA Security Rule, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, providing good information security and being in compliance are more important than ever, and a good Risk Analysis is key to that compliance.
We will also discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and business associates. We will explain the recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. We will explore what kind of issues and what kind of entities had the most problems, and show where entities need to improve their compliance the most, and also explore the typical risk issues that lead to breaches of health information and see how those issues may be a target for auditors in 2015.
The results of prior enforcement actions and HHS audits (and their penalties), especially those relating to Risk Analysis, will be discussed, including recent actions involving multi-million dollar fines and settlements. In addition, new trends in information security risks will be discussed so you can start to plan for the work you'll need to do to stay in compliance and keep patient information private and secure.
Why should you attend: The HIPAA Security Rule calls for identification of risks through a risk analysis that considers all of your electronic information, from fax machines and voicemail, to servers and systems. Once those risks are identified, the rules require you to mitigate the identified risks. All of this depends on knowing what to do to create a risk analysis that will guide your security compliance efforts and help you avoid penalties in the event of incidents and breaches.
The meaningful use requirements also require eligible hospitals and eligible professionals to conduct or review a HIPAA Security Rule risk assessment of the certified electronic health record (EHR) technology annually, and implement security updates and correct identified security deficiencies as part of its risk management process. And the policies reviewed, risk analysis performed, and mitigation actions taken must all be documented so that they can withstand the scrutiny of investigators from the US Department of Health and Human Services.
Compliance with HIPAA Rules requires being able to make decisions about how to implement the rules in your own circumstances, and using a risk analysis approach can make that process more logical and better documented. The HIPAA Security Rule requires that all entities periodically evaluate the risks to the confidentiality, integrity, and availability of Protected Health Information, and the rules are backed up by new fines, and penalties, and a new enforcement effort. The changes to the rules create new challenges for HIPAA entities, and new risks for non-compliance and penalties.
Areas Covered in the Session:
What the HIPAA Security Rule requires
What Meaningful Use Objective 15 requires
What a good risk analysis is and isn't
Risk Analysis tools and methods
The policies you should have for security compliance
Finding and filling any gaps in your policies and procedures
How to perform risk assessment and analysis
Planning the continuing management of your risks
Planning your next reviews and your information security management process
Who Will Benefit:
Compliance Director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Contracts Manager
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
MentorHealth
Roger Steven
contact no: 8003851607
fax no: 302-288-6884
Event Link:http://bit.ly/1D8SbgD
webinars-AT-mentorhealth.com
www.mentorhealth.com
Other CFPs
- HIPAA Now and Then
- Understanding Exclusions from Participation in Federal Health Care Programs
- Health And Safety: Controlling Contractors (Selection of Contractors, Measures to Control Contractors, Site Authorization for Contractors, Introduction to Permit to Work Systems)
- How to Survive a HIPAA Security Audit
- Recent Investigations and Enforcement Trends in Hospice Care
Last modified: 2015-01-07 18:08:01