Join former OCR Director Leon Rodriguez (9/2011-7/2014), now a Partner at Seyfarth Shaw LLP and Bob Chaput, CEO, Clearwater Compliance in an interactive presentation and discussion of OCR’s emerging standard of care in performing the HIPAA Risk Analysis required at 45 C.F.R. §164.308(a)(1)(ii)(A).
OCR issued “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” in July 2010. Yet, healthcare entities struggle to perform this foundational compliance requirement and critical cyber risk management step.
As of this writing, in 37 OCR cases involving ePHI that resulted in Settlement Agreements / Corrective Active Plans, 33 organizations or 89% presented inaccurate or incomplete risk analyses. The 2012 Phase I audits showed 68% of the 115 audited organizations having adverse findings related to risk analysis.
Learn the root causes of these adverse findings and, more importantly, learn exactly what OCR expects in your HIPAA risk analysis and how to conduct a bona fide, comprehensive OCR-quality risk analysis.
- Cite specific regulatory requirements for ongoing risk assessments
- Describe the fundamentals of Information Risk Management
- Gain insight from a former Officer for Civil Rights Director
- Define fundamental risk terminology – assets, threats, vulnerabilities, controls, etc.
- Describe how/when the new Civil Money Penalty System may be applied if risk assessments are not performed
- Leverage important lessons-learned from 33 OCR Settlement Agreements / Corrective Action Plans
- Explain why risk analysis is a core foundational IRM step and describe the key steps
This webinar is designed to help covered entities and business associates understand and act on the specific Risk Analysis requirements included in the HIPAA Security Rule.
This session is offered as a 90-minute webinar using the GoToWebinar platform. The open format encourages questions during and after the session.
- No matter where you are on your risk analysis and overall risk management journey, you will benefit from learning about why a bona fide risk analysis is the cornerstone of any good information security program.
- This presentation will enable attendees to feel comfortable with utilizing the NIST guidance to conduct a Risk Analysis, including leaving the session with practical, tangible, actionable next steps for their organizations.
- All registrants will receive a copy of all slide materials.