Top Reason for Risk Analysis Failures
August 22, 2018 | 12 pm – 12:45 pm CT
In this webinar, attendees will hear directly from former OCR Deputy Director Iliana Peters and cyber risk management expert Bob Chaput. Both will provide insight into why so many healthcare organizations struggle to meet the HIPAA Security Rule, particularly its risk analysis requirements. Additionally, they will explain the specific top reasons why organizations are failing to meet the OCR standard for a comprehensive risk analysis.
OCR audit and enforcement activity shows that 9 of 10 organizations fail to conduct risk analyses that meet OCR and HIPAA requirements; most likely, yours would fail
The HIPAA Security Rule calls for three (3) separate and distinct ‘assessments’, including a specific risk analysis, which are commonly confused
Understanding the critical difference between the three assessments can mean the difference between a request for voluntary compliance or a multi-million dollar expense
Specific Learning Objectives:
Explain the requirements of the HIPAA Security Final Rule for conducting periodic security evaluations
Describe the difference between a compliance gap assessment, a risk analysis and technical testing
Detail an example of a civil money penalty
Undertake practical, actionable steps to complete the evaluations required by law
THA & Clearwater Summer Webinar Series Recap:
RECAP: Webinar 1 of 3 | First, Do No Harm! The Impact of Cyber Risks on Patient Safety
June 27 | 12 pm – 12:45 pm CT
With the vision of the eHealth Exchange and digitization of healthcare, we anticipate great advances in patient engagement, health care outcomes and quality of care. At the same time, healthcare’s advancements in assuring privacy and security of sensitive information and biomedical devices through better risk management are not keeping pace. In fact, the promises of digitization carry unintended consequences and concerns about patient safety and new potential forms of medical professional liability. It’s not about HIPAA compliance and it’s not just an “IT problem”. Attend and learn about critical steps we must all take to identify and mitigate these new, emerging enterprise risks.
Declare It’s Not Just an IT Problem – Make it a Team Sport
Make it About Patient Care, Patient Experience and Medical Professional Liability
There is a Path Forward – Strategically, Tactically and Operationally
This event has ended, but is available for viewing ON-DEMAND.
RECAP: Webinar 2 of 3 | Lessons Learned from OCR Enforcement Actions
July 31 | 12 pm – 12:45 pm
The Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) vigorously enforces the HIPAA Privacy, Security and Breach Notification rules. Enforcement may include compliance reviews, voluntary compliance requirements, audits, resolution agreements or formal corrective action plans, accompanied by civil money penalties or negotiated settlement amounts. This webinar will cover a select number of enforcement case studies and key lessons for handling an OCR enforcement action or an anticipated action in the event of a breach or a complaint.
OCR enforcement activity is not slowing down
Any actions you take or don’t take, any information you provide or fail to provide, will be used against you in determining the breadth, depth and outcome of the investigation.
When you report a breach and/or OCR initiates an investigation of your organization, it is important to understand this is an adversarial situation with serious potential consequences.
It is possible to minimize the scope and impact of an investigation as well as the amount of any penalties.