The Clearwater HIPAA and Cyber Risk Management BootCamp™ is focused on helping you execute a comprehensive approach to Risk Analysis and Risk Management, going beyond the typical checklist approach to HIPAA compliance programs and giving you a solid foundation of key information risk management concepts.
The curriculum is delivered in nine interactive modules:
1. Overview of the NIST Risk Management Framework and Process
- Describe the 4-Step NIST Information Risk Management (IRM) Process
- Access NIST and other resources to assist CEs, BAs and Subcontractors in Information Risk Management
- Explain the essential steps of establishing, operationalizing and maturing an IRM program
- Engage with customers and business partners directly on IRM requirements
2. A Deeper Dive into the HIPAA Privacy, Security and Breach Notification Rules
- Defend the position that the only real way to prepare for an OCR Investigation is to become and remain compliant with the HIPAA Privacy, Security and Breach Notification Rules
- Describe the OCR investigation process and how to participate efficiently and effectively
- Cite and explain the explicit HIPAA requirements for Breach Determination and Notification
- Understand and be able to apply the three exceptions to the definition of breach
- Describe the four factors and other considerations when determining the low probability of compromise of PHI
3. The Critical Difference: HIPAA Security Evaluation vs. HIPAA Security Risk Analysis
- Articulate and cite explicit HIPAA Security Rule requirements
- Explain why a Security Evaluation is not a Risk Analysis and vice versa
- Explain what OCR looks for in an audit or investigation regarding Security Evaluation and Risk Analysis
- Take practical steps to complete Security Evaluations and Risk Analyses
- Explain how Security Evaluations and Risk Analyses fit into an overall HIPAA Compliance Program
4. Panel Discussion – Addressing Healthcare Cybersecurity Strategically
- Share best practices
- Address the overarching theme: information risk management should be part of enterprise risk management. HIPAA security compliance risks and cyber risks have become increasingly significant business risk management issues, with links to patient safety, financial, brand, talent acquisition and numerous other risks.
5. What You Need to Know About an OCR-Quality Risk Analysis
- Understand general regulatory requirements for ongoing risk assessments
- Explain the difference between compliance and security
- Cite the specific regulatory requirements for risk assessment
- Define fundamental risk terminology
- Explain why risk assessment is a core foundational step
- Describe the fundamentals of Information Risk Assessment
- Describe the fundamentals of Information Risk Management
6. How to Implement a Strong, Proactive Business Associate Risk Management Program
- Explain why managing Business Associates (Vendors) is important
- Describe who is a Business Associate, and who isn’t
- Explain the expansion of the ‘Chain of Trust’ in healthcare
- Cite and explain the HIPAA Privacy and Security Rule contractual requirements for Business Associates (Vendors)
- Explain the risk rating concept and process for Business Associates (Vendors)
- Develop a Business Associate (Vendor) Management Program Checklist
- Describe the benefits of a Business Associate (Vendor) Management Program
7. What You Need to Know About an OCR-Quality Risk Response
- Understand the regulatory requirements and most effective standards for responding to risk
- Know the four essential options for effective risk response
- Evaluate alternatives to reduce risks in terms of effectiveness and feasibility
- Learn how to make sure risk responses get implemented through tracking new or improved controls and safeguards
8. How to Adopt the NIST Cybersecurity Framework (CSF)
- Learn the seven steps to implement the NIST CSF
- Harness the power of NIST and five international open standards
- Change the conversation of cybersecurity and information risk management using an understandable tool
- Understand the benefits of the NIST CSF so your organization can move from chaos to order, process and discipline
9. Now what? – Summary and Action Planning
- Identify Immediate Next Actions for Your Organization
- Build Your Cyber Security Business Case
- Access Resources and Information Provided During BootCamp™
A faculty of nationally recognized, fully credentialed experts guides attendees through HIPAA compliance and security risk analysis fundamentals while sharing key insights, hard-won lessons learned and practical tools for Risk Analysis and Risk Management.
Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US
CEO & Founder, Clearwater Compliance
Over the past 35 years, Mr. Chaput has worked as an educator, an executive and an entrepreneur. He has assisted businesses and individuals in developing highly secure information risk management strategies that are tightly linked with their business strategies and goals.
He speaks and writes extensively on HIPAA and HITECH privacy, security and information risk management matters and is a recognized HIPAA-HITECH data security and regulatory compliance expert.
Mary Chaput, MBA, HCISPP, CIPP/US, CHP
Chief Financial and Compliance Officer, Clearwater Compliance
Currently Mary serves as Chief Financial and Compliance Officer for Clearwater Compliance LLC. Previously, as Compliance Officer in a national health care company, Mary was involved with the protection of 500 terabytes of health data belonging to approximately 40 million Americans.
Mary participates actively in HIPAA-HITECH related discussions and is an active member of the ANSI PHI Project Financial and Framework groups.
David Finn, CISA, CISM, CRISC
Health Information Technology Officer, Symantec
David is the Health Information Technology Officer for Symantec. Mr. Finn has more than 30 years’ experience in the planning, management, and control of information technology and business processes. He is focused on enabling operating efficiency and deriving business value through the optimization and control of technology. Mr. Finn’s key skills include IT Governance and Control, Project Management, Systems Selection and Implementation, Business and IT Partnering, and IT Audit, Control, and Security.
Mr. Finn has presented nationally and internationally on such topics as project management, professional leadership and staff development, and privacy and security. He has contributed to or written articles on IT Management, Disaster Recovery and Security for such journals as CIO Digest and Baseline.
Michelle Caswell, JD
Senior Director, Legal and Compliance, Clearwater Compliance
Michelle Caswell has over 14 years of healthcare experience, with in-depth knowledge of HIPAA Privacy, Security and Breach Notification compliance. Michelle has worked as a Health Insurance Portability and Accountability Act (HIPAA) Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights, where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance.
She is passionate about safeguarding the privacy and security of PHI and is a frequent national speaker on healthcare compliance and security.
BootCamp attendees regularly recommend the training program to their peers and colleagues. Here are some positive reviews from past attendees:
Have been impressed with your approach and the content of your discussions. Truly helpful and right on point.
Comprehensive material, expert explanation, great practical value.
Very in depth and thorough information. Presentations were also very comprehensive and lively.
Provided not only information but practical tools to put information to use.
All presenters demonstrate experience and all present exceptionally well. Clearwater is a vendor that deserves to be trusted.
The program covered all of the essential elements of a solid Risk Management Program and best practices.
Very collaborative and educational.
The program includes a series of three 3-hour sessions using the web-based GoToTraining platform. Attendance is required at all three sessions to receive a certificate of attendance.
We periodically present our BootCamp™ at cities across the US. If you would like to be notified of upcoming events in your area, please subscribe here.