Register Now

Reserve your seat

Join us for this complimentary educational webinar and learn the foundations of a strong information risk management program.
Register Now

Many struggle to understand the difference between the HIPAA Security Evaluation required at 45 CFR §164.308(a)(8) and the HIPAA Security Risk Analysis required at 45 CFR §164.308(a)(1).  The recently published OCR Audit Protocol clearly calls for both assessments.

Register today and end the confusion.

Agenda

This webinar is designed to help covered entities and business associates understand and act on the specific Risk Assessment requirements included in the HIPAA Security Final Rule.

In this live 75 minute session, attendees will learn about:

  • The requirements of the HIPAA Security Final Rule for conducting periodic security evaluations
  • The difference between a compliance assessment and a risk assessment
  • The HIPAA Security Final Rule civil and criminal penalties
  • Practicable, actionable steps to complete the evaluations required by law

Date & Time

Thursday, December 15, 2016
11 am – 12:15 pm CDT

Your Presenter

Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US
Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/USCEO, Clearwater Compliance LLC

The Challenge

Complying with the HIPAA Security Final Rule involves many steps and considerations. We focus on the two evaluations you must complete, by law. The HIPAA Security Final Rule requires both. A thorough HIPAA Security Compliance Evaluation broadly covers all aspects of the law including all 22 Standards and 53 Implementation Specifications that comprise the Administrative, Physical and Technical Safeguards in the HIPAA Security Final Rule.

Additionally, this evaluation must cover CFR 164.314 and 316 related to Organizational Requirements, Policies and Procedures and Documentation. This type of evaluation is a critical step and should be completed whether one is just starting a HIPAA Security Compliance program, rejuvenating an existing program or maintaining an existing program. The output of the evaluation establishes a baseline of overall compliance which can be measured by the executive team, compliance or risk officer, audit committee or board. Think FOREST view.

A HIPAA Security Risk Assessment is also required by law to be performed by every CE and BA.

The Security Final Rule states:
45 C.F.R. § 164.308(a)(1)(ii)(A) RISK ANALYSIS (Required).
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization]

Additionally, completion of the Risk Assessment is a core requirement to meet Meaningful Use objectives. Both the HIPAA Security Compliance Evaluation and the HIPAA Security Risk Assessment are required by law and important and necessary steps on your HIPAA Security compliance journey. Knowing what evaluation to complete when is a challenging decision even for the largest and most sophisticated organizations.

Learning Outcomes

The approaches presented in the webinar have been used by organizations of all sizes and are purposefully designed to be used by the largest CEs and BAs (e.g., hospitals, insurers, care management firms, etc) to the smallest CEs, BAs and subcontractors (e.g., small medical practices, clinics, dental offices, medical billing companies etc.).

No matter where you are in your HIPAA compliance journey, you will benefit from learning about:

  • The requirements of the HIPAA Security Final Rule for evaluations
  • The difference between a compliance assessment and a risk assessment
  • The HIPAA Security Final Rule civil and criminal penalties
  • Practical, actionable steps to complete the evaluations required by law
  • Available Software and ToolKits to jump-start your evaluation processes and overall compliance program
  • All registrants will receive a copy of all slide materials
Register Now

Reserve your seat

Join us for this complimentary educational webinar and learn the foundations of a strong information risk management program.
Register Now