Security Risk Assessment 2015 - Security Risk Assessment, What it is and How to Conduct One
Date: 2015-07-09
Deadline: 2015-07-08
Venue: Online event, USA - United States
Keywords: Security Risk Assessment; Information SRA; Risk management training
Website: https://bit.ly/1Kn6j6G
Topics/Call for Papers
Overview: In this session we will demystify both the reasons for conducting a Security Risk Assessment ("SRA") and the process of conducting one. Starting with a discussion of the implications of not conducting an SRA, you will understand the liability landscape presented by a variety of governmental agencies. We will then move on to present the impact the SRA has on your revenue cycle and the operation of your practice. We will discuss how your SRA impacts your web presence, your Business Associates, and other organizations you and your practice work with, including billing companies, durable medical equipment suppliers ("DME"), volunteers, attorneys and accountants.
We will then explain why the SRA is the cornerstone of your HIPAA compliance program and how to conduct one per the requirements of the HIPAA/HITECH regulations.
At the end of this session the attendee will understand how the SRA fills a role in determining what constitutes HIPAA compliance, and how to understand what is really meant by the terminology commonly encountered, and misunderstood, when discussing the components of the SRA. We will discuss the major areas of the SRA (the Technical, Physical and Administrative Safeguards) in such a way that the attendee will understand what they mean and how to address them.
We will cover a couple of specific ambiguities and discuss some examples encountered in the SRA. We will explain and demonstrate how to work through the ambiguities and draw a conclusion that allows you to take defensible action. In this section we will show you what reference materials are available, work through at least one example of an ambiguity, and show you how to reach a defensible solution. We will also explain what constitutes a defensible solution and why it is important.
We will cover the concepts and terms encountered when discussing the SRA: what the SRA actually is and what your obligations are under HIPAA. We will discuss the misconceptions around terms such as the Security and Privacy Regulations, and what Technical, Administrative and Physical Safeguards really mean. We will cover the ramifications of not complying with HIPAA requirements for an SRA when you have a reported breach, and discuss why having completed the SRA is only the beginning of the process, not the end.
After covering the generalities, the presentation will then focus on specific concepts and terms that are common to breaches that have been reported over the last few years, and how having conducted an appropriate SRA would have prevented or minimized the impact of the breach. We will work through some of the myths encountered when discussing SRAs, explain why they exist and demystify them to give the attendee the "truth" behind these myths.
As we work through the language of the SRA, we will not discuss the terminology and concepts from a high level view, but rather with the goal of providing sufficient detail so the attendee will leave with actionable items. Finally, the objective of this presentation is not to make you an expert on conducting an SRA, and why that would be difficult, but rather to give you the information you need to ask the right questions of your Chief Privacy and/or Security Officer(s), or consultant.
Why should you attend: Less than 80% of entities are conducting their required Security Risk Assessment ("SRA"), even those entities who have attested for Meaningful Use. A Security Risk Assessment is a regulatory requirement for both Meaningful Use and HIPAA compliance, and is where your compliance program begins. Failure to conduct this cornerstone of HIPAA compliance puts you on the wrong side of the Office for Civil Rights (OCR), along with other federal and state agencies, right from the start. Add to this the expansion of more and more tort actions, with larger and larger jury awards. But that isn’t even the extent of the damage. Costs associated with fines and penalties only account for 15% of the total cost of a breach to your practice. For your consideration, recent surveys of patient sentiment indicate that:
2/3 of patients do not have confidence that their healthcare provider is doing enough to keep their information private
54% of patients would change providers if they found one they believed had the ability to keep their information confidential
12% of patients say they withhold information from their healthcare provider because of privacy concerns
In this session you will learn when and why to conduct your SRA. We will show you what you need to include in the risk assessment, how to conduct an assessment, and what to do with the results. Once the Risk Assessment is completed, learn how to interpret the results and plan your next steps.
You will leave this presentation understanding how to keep the trust of your patients; after all, they come to you because they trust you. You will understand how the SRA is the cornerstone of becoming and maintaining HIPAA compliance. Finally, you will understand how your efforts at HIPAA compliance can enhance your revenue cycle, increase your referrals, and preserve the trust of your patients.
Areas Covered in the Session:
What is a Security Risk Assessment ("SRA")
What are the consequences of not conducting an appropriate SRA
What are patient sentiments towards Privacy and Security
What is the terminology of an SRA
What are the required components of the SRA
What constitutes an adequate risk assessment
What is meant by a "Required" and "Addressable" implementation specification
What is an OCR Resolution Agreement and why should I care
What are my training requirements
What is a Breach vs. a Reportable Breach
What is a Business Associate and what are my responsibilities
What is an OCR audit, what will they ask for
What is an OCR investigation, what will they ask for
What is Willful Neglect and what does it mean to me
MentorHealth
Roger Steven
contact no: 800-385-1607
fax no: 302-288-6884
Event Link: http://bit.ly/1Kn6j6G
support-AT-mentorhealth.com
www.mentorhealth.com
Last modified: 2015-04-28 15:51:44