Supplemental Materials – The Complete List
Program Syllabus
Session 1
Session 2
5-1. Clearwater blog post: “HIPAA Audit Tips – Don’t Confuse HIPAA Security Evaluation and Risk Analysis”
5-2. NIST SP800-115 Technical Guide to Information Security Testing and Assessment
5-3. NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments
6-1. Resolution Agreements and Civil Money Penalties
6-2. 09-06-2017_Update on OCR’s Phase 2 HIPAA Audits by Linda Sanches
6-3. NACD Cyber-Risk Oversight Handbook Executive Summary
6-4. Symantec Healthcare Internet Security Threat Report
7-1. Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management (Clearwater White Paper)
7-2. NIST SP800-39-final_Managing Information Security Risk
7-4. NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
7-5. Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)
Session 3
8-1. Clearwater White Paper: Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management
8-2. NIST SP800-39-final_Managing Information Security Risk
8-3. NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
8-4. Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)
8-5. Sample – HIPAA Security Risk Analysis FOR Report
8-6. Guidance on Risk Analysis Requirements under the HIPAA Security Rule
8-7. NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments
8-9. 30-Minute Guide to Hiring The Best Risk Analysis Company | What to Look for in a HIPAA Risk Analysis Company & Solution (scroll down)
8-10. How to Conduct an OCR-Quality Risk Analysis-On Demand (Webinar)
You Asked, We Answered
- Cost of a Data Breach and ROI Model
- The Financial Impact of Breached Protected Health Information: 2017 Update
These documents are not legal advice; please consult with your legal counsel on all such matters.
- Education Certifications
- Industry Association Credentials
- References to “research” in the Privacy Rule which have been “redlined” for changes from the Omnibus Rule
- Copy of a presentation by OCR and from the Secretary’s Advisory Committee on Human Research Protections – March 2013
- Copy of the press release related to the OCR settlement with Feinstein Institute for Medical Research following a breach in which the investigation uncovered insufficient security management processes
Some additional information related to potential future changes:
- A copy of the 21st Century Cures Act passed by the House in July 2015
- A blog I wrote related to the HIPAA implications in that Cures Act
- A copy of “Innovation for Healthier Americans,” a report by Sen. Lamar Alexander in January 2015
- Link to Sen. Lamar’s column regarding the 21st Century Cures Act: https://energycommerce.house.gov/news-center/news/sen-alexander-curesnow-effort-welcome-opportunity-consensus (2016)
- A copy of the Senate’s introduction of a bipartisan bill to support U.S. research and education (June 2016)