Experts Cite Medical Devices, Patient Portals Among Emerging HIPAA-HITECH Security Threats
Industry Leaders Call for Rigorous, Comprehensive Approach to Risk Analysis During Clearwater Compliance Interactive Blue Ribbon Panel Web Event
Among the emerging information security threats facing healthcare organizations are technology concerns such as medical devices and patient portals, according to a panel of leading HIPAA-HITECH experts convened last week by Clearwater Compliance.
During Clearwater’s first monthly HIPAA-HITECH Blue Ribbon Panel™ , which focused on Risk Analysis DOs and DON’Ts, leaders discussed the critical role of comprehensively identifying organizational risk in the face of a rapidly changing and challenging environment. The panel also underscored the importance of investing in thorough risk analysis efforts, based on expectations from the Office for Civil Rights.
“It’s pretty clear that risk analysis is a priority,” said panelist Adam Greene, a partner with Davis Wright Tremaine and co-chair of its Health Information Group. “In any interaction with OCR, you can count on questions related to risk analysis coming up early and often.”
The panel acknowledged risk analysis is a significant body of work. To avoid getting overwhelmed, several panelists urged organizations not to lose sight of the real goal.
“Your focus should be on reducing risk, not meeting a compliance checklist,” said Feisal Nanji, executive director of Techumen.
While interacting with participants live, the Blue Ribbon Panel experts shared their experiences and provided a foundational understanding of what constitutes a bona-fide risk analysis. They also presented helpful tools to get started.
This month’s panel of experts included:
- Bob Chaput, CISSP, CIPP-US
Chaput is Founder & CEO of Clearwater Compliance.
- Adam Greene
Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group.
- Kamal Govindaswamy, CISSP, CISA, CIPP, ABCP
Govindaswamy is a HIPAA-HITECH Security & Privacy Advisor consultant and President of RisknCompliance Consulting Group LLC.
- Feisal Nanji
Nanji is Executive Director of Techumen, an information security firm focusing exclusively on securing health care information.
- Frank Ruelas, MBA
Ruelas is the Compliance Officer, Privacy Officer, and Security Officer for Gila River Health Care.
- Rick Kam, CIPP
Kam is the founder and president of ID Experts as well as an expert in privacy and information security.
Among the topics covered by panelists were the following:
- Creating a compelling business case to senior leadership to justify the needed resources for a thorough risk analysis
- Best practices for frequency and approach to risk analysis
- How to effective assess compliance efforts of Business Associates
- Business Associate status of cloud service providers
- Emerging technology risks, including medical devices and patient portals
“Risk analysis was the perfect topic to kick off our Blue Ribbon Panel series,” said Bob Chaput, CEO and founder of Clearwater Compliance. “Participants were able to get personalized guidance and insight from the brightest minds in the industry on a basic necessity for compliance. This format creates a powerful learning opportunity for attendees.”
Interested organizations can download a full recording of the Blue Ribbon Panel and sign up for next month’s Live Blue Ribbon Panel web event by clicking here.
Next up for the Blue Ribbon Panel is a discussion on Omnibus Implications for Business Associates. The web event is scheduled for Thursday, March 27, 2014 3:30 pm – 5:00 pm CDT.
About the HIPAA-HITECH Blue Ribbon Panel
The Blue Ribbon Panel convenes monthly for 90-minute interactive sessions to discuss relevant news, updates and evolving compliance ramifications via an ongoing series of live web events. Each session features 5-6 national experts who share insight and exchange ideas while fielding questions from attendees.
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – Part 5 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - June 5, 2017
- HIPAA Risk Analysis Tip – Part 4 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 29, 2017
- HIPAA Risk Analysis Tip – Part 3 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 21, 2017