The Clearwater HIPAA and Cyber Risk Management BootCamp™ is focused on helping you execute a comprehensive approach to Risk Analysis and Risk Management, going beyond the typical checklist approach to HIPAA compliance programs and giving you a solid foundation of key information risk management concepts.
The curriculum is delivered in nine interactive modules:
1. How to Assess Your Privacy, Security and Compliance Liability Risk
- Explain new sources of privacy, security and compliance risk and liability
- Expanded enforcement powers of the Office for Civil Rights, the Federal Trade Commission, the Securities and Exchange Commission and State Attorneys General
- Establishing a Culture of Compliance
- Nine essential steps to mitigate the risk and liabilities
2. How to Establish Your Risk Management and HIPAA Compliance Program
- Determining your organization’s risk appetite
- Importance of HIPAA Compliance Alignment and Governance
- Developing a Charter your HIPAA Compliance Committee
- Methods for gaining the budget to address compliance gaps or weaknesses
3. How to Address Compliance Risk I – HIPAA Privacy and Security Regulations
- The OCR investigation process and how to participate efficiently and effectively
- DOs and DONTs on working with the OCR
- Key elements of a Balanced Compliance Program – Policies, Procedures, People and Safeguards
- Process for Conducting a Privacy and Security Assessments
- Closing common compliance gaps
4. How to Address Compliance Risk II – HIPAA Burden of Proof and Breach Notification Regulations
- Explicit HIPAA requirements for Breach Determination and Notification
- Developing a breach preparation plan to take advantage of Breach as an opportunity to engage senior management
- Key takeaways from real breach experiences
- Why privacy, security and compliance are ultimately people issues
5. How to Conduct a NIST-based Risk Assessment to Comply with HIPAA & Other Regulations
- Understanding the explicit HIPAA Security Rule requirements for Ongoing Assessments
- The difference between compliance and security
- Specific HIPAA regulatory requirements and HHS/OCR Guidance for “technical evaluation”, “non-technical evaluation” and risk analysis
- Defining baseline risk terminology and fundamentals of Risk Analysis
6. How to Implement a Strong, Proactive Business Associate Risk Management Program
- Privacy and Security Rule regulatory requirements for Business Associate Management
- Expansion of the ‘Chain of Trust’
- Risk rating concepts and processes for BAs
- Specific compliance responsibilities of BAs
7. How to Mature your Information Risk Management Program
- Importance of a mature risk management program and framework
- Implementing a Risk Management Maturity Model
- Developing a Dashboard to highlight unacceptable risk and show progress on mitigating risk
A faculty of nationally recognized, fully credentialed experts guides attendees through HIPAA compliance and security risk analysis fundamentals while sharing key insights, hard won lessons learned and practical tools for Risk Analysis and Risk Management.
Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US
CEO & Founder, Clearwater Compliance
Over the past 35 years, Mr. Chaput has worked as an educator, an executive and an entrepreneur. He has assisted businesses and individuals in developing highly secure information risk management strategies that are tightly linked with their business strategies and goals.
He speaks and writes extensively on HIPAA and HITECH privacy, security and information risk management matters and is a recognized HIPAA-HITECH data security and regulatory compliance expert.
Mary Chaput, MBA, HCISPP, CIPP/US, CHP
Chief Financial and Compliance Officer, Clearwater Compliance
Currently Mary serves as Chief Financial and Compliance Officer for Clearwater Compliance LLC. Previously, as Compliance Officer in a national health care company, Mary was involved with the protection of 500 terabytes of health data belonging to approximately 40 million Americans.
Mary participates actively in HIPAA-HITECH related discussions and is an active member of the ANSI PHI Project Financial and Framework groups.
David Finn, CISA, CISM, CRISC
Health Information Technology Officer, Symantec
David is the Health Information Technology Officer for Symantec. Mr. Finn has more than 30 years’ experience in the planning, management, and control of information technology and business processes. He is focused on enabling operating efficiency and deriving business value through the optimization and control of technology. Mr. Finn’s key skills include IT Governance and Control, Project Management, Systems Selection and Implementation, Business and IT Partnering, and IT Audit, Control, and Security.
Mr. Finn has presented nationally and internationally on such topics as project management, professional leadership and staff development, and privacy and security. He has contributed to or written articles on IT Management, Disaster Recovery and Security for such as journals as CIO Digest and Baseline.
Michelle Caswell, JD
Senior Director, Legal and Compliance, Clearwater Compliance
Michelle Caswell has over 14 years healthcare experience, with an in-depth knowledge of HIPAA Privacy, Security and Breach Notification compliance. Michelle has worked as a Health Insurance Portability and Accountability Act (HIPAA) Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance.
She is passionate about safeguarding the privacy and security of PHI and is a frequent national speaker on healthcare compliance and security.
BootCamp attendees regularly recommend the training program to their peers and colleagues. Here are some positive reviews from past attendees:
Have been impressed with your approach and the content of your discussions. Truly helpful and right on point.
Comprehensive material, expert explanation, great practical value.
Very in depth and thorough information. Presentations were also very comprehensive and lively.
Provided not only information but practical tools to put information to use.
All presenters demonstrate experience and all present exceptionally well. Clearwater is a vendor that deserves to be trusted.
The program covered all of the essential elements of a solid Risk Management Program and best practices.
Very collaborative and educational.
The includes a series of three, 3-hour sessions using the web-based GoToTraining platform. Attendance required at all three sessions to receive a certificate of attendance.
We periodically present our BootCamp™ at cities across the US. If you would like to be notified of upcoming events in your area, please subscribe here.