Supplemental Materials – The Complete List

Program Syllabus

Session 1

1-1   Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management (Clearwater White Paper)

1-2   Banner Health’s Becky Havlisch and Bob Chaput on Nimble Cyber Risk Management

1-3   Cleveland Clinic’s Charles Kolodkin and Clearwater’s Bob Chaput Share Crucial Steps in Developing a Hospital Cyber Risk Management Strategy

1-4   National Children’s Rebecca Cady and Clearwater’s Bob Chaput discuss Managing Cyber Risk through an Insurance Captive

2-1   Framework for Improving Critical Infrastructure Cybersecurity 

2-2   Cybersecurity Framework Industry Resources

2-3   OIG: HHS Needs to Strengthen Security and Privacy Guidance and Oversight

2-4   Cybersecurity Framework Frequently Asked Questions

2-5   NIST SP800-39-final_Managing Information Security Risk 

2-6   Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management (Clearwater White Paper)

2-7   Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework in Healthcare Organizations

Session 2

3-1   The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security (ANSI)(PDF)

3-2   Cost of a Data Breach Model (Excel)

3-3   Links to Supplemental Guidance from OCR:

· HIPAA Guidance Materials

· OCR Resolution Agreements

· OCR Complaint Data

· OCR Breach Data

· FACT SHEET: Ransomware and HIPAA

· 11 Ransomware Trends for 2018

· HIPAA Privacy, Security and Breach Notification Audit Program

4-1   The Continuing Disconnect between the Health Care Industry and OCR on HIPAA’s Risk Analysis Requirement

4-2   Risk Analyses vs. Gap Analyses – What is the Difference?

4-3   Sample – HIPAA Security Risk Analysis FOR Report

4-4   Guidance on Risk Analysis Requirements under the HIPAA Security Rule

4-5   NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

4-6   30-Minute Guide to Hiring the Best Risk Analysis Company

4-7   NIST SP800-53A Guide for Assessing the Security Controls in Federal Information Systems and Organizations

4-8   Sample – HIPAA Security Risk Analysis FOR Report

4-9   OCR 2016 Audit Protocol

Session 3

5-1   AAMI TIR57, Principles for medical device security – risk management

5-2   Guidance on Risk Analysis Requirements under the HIPAA Security Rule

5-3   IEC 80001-1:2010 Application of risk management for IT-networks incorporating medical devices – Part 1: Roles, responsibilities and activities

5-4   ISO 14971 Medical devices — Application of risk management to medical devices

5-5   FDA Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Guidance

5-6   FDA Postmarket Management of Cybersecurity in Medical Devices

5-7   Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)

5-8   The FDA’s Role in Medical Device Cybersecurity

6-1   ARRA

6-2   HIPAA Omnibus Final Rule

6-3   OCR 2016 Audit Protocol

6-4   OCR Complaint Data

6-5   OCR Breach Data

6-6   OCR Resolution Agreements