Reserve Your Seat | Join Us

Take the mystery out of conducting an accurate and complete risk analysis that is guaranteed to meet OCR’s increasingly stringent ‘standard of care’.

Register Now: https://go.clearwatercompliance.com/webinarocrqualityriskanalysisfeb2018

There are plenty of ways to squander several million dollars, but none quite as frustrating as forking over those hefty sums to HHS’s Office for Civil Rights (OCR). In each of these recent cases, Texas health system ($2.20MM), St. Joseph’s Health ($2.1MM), and Advocate ($5.6MM), the organizations were found not to have completed a HIPAA Risk Analysis that meets OCR’s increasingly stringent ‘standard of care’.

It is clear that many organizations struggle to fully comprehend the scope of an OCR-Quality Risk Analysis. Simply put, an accurate and complete HIPAA Risk Analysis must include all information assets in all lines of business in all facilities and in all locations. If that sounds like a lot, it is. But when approached with a step-by-step methodology based on OCR and NIST guidance, aided by award-winning software, it is achievable.

Agenda

This 75-minute webinar has been designed to help covered entities and business associates understand and act on the specific Risk Analysis requirements included in:

  • the HIPAA Risk Analysis implementation specification language at 45 CFR §164.308(a)(1)(ii)(A) of the HIPAA Security Rule;
  • the methodology outlined in the HHS/OCR “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”;
  • the underlying NIST Special Publications for performing a risk assessment and, specifically, NIST SP 800-30 “Guide for Conducting Risk Assessments”;
  • the documentation found in OCR investigation letters and "OCR Resolution Agreements / Corrective Action Plans";
  • the "OCR Audit Protocol – Updated April 2016" specific to Risk Analysis and Risk Management;
  • our work with numerous organizations subjected to OCR enforcement actions that included reviews of organizations' risk analyses.

Date & Time

February 7, 2018

11 am - 12.15 pm CT

Your Presenters

Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US
CEO, Clearwater Compliance LLC

Wes Morris, CHPS, CIPM, HCISPP
Principal Consultant, Clearwater Compliance

The Challenge

In determining that 9 out of 10 organizations are failing to meet very fundamental HIPAA information risk analysis requirements, OCR has cited these top 5 root causes for the adverse findings:

  • The risk analysis was not asset-based – it did not cover all systems / apps / technology that create, receive, maintain or transmit ePHI
  • The risk analysis was not comprehensive enough – it did not include every information asset in every line of business in every facility in every location
  • The risk analysis was not detailed enough – it did not consider every asset-threat-vulnerability scenario
  • The risk analysis did not follow HHS/OCR “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” – instead, it was just a controls checklist
  • The risk analysis was not documented well enough – there was insufficient evidence of a vibrant program

The challenge organizations are facing is how to conduct an accurate and comprehensive HIPAA Risk Analysis that includes all information assets in all lines of business in all facilities and in all locations. The number of asset-threat-vulnerability combinations is overwhelming. Risk analyses cannot be performed efficiently and effectively with spreadsheets, and an accurate and comprehensive risk analysis is certainly not a matter of using a controls checklist.

The Solution

Attend this live web event and learn a step-by-step methodology based on OCR and NIST guidance, aided by award-winning software. Clearwater is the best in the world at conducting OCR-quality risk analyses and risk management and has earned numerous awards and recognition, including the exclusive endorsement of the American Hospital Association. While OCR cannot endorse commercial organizations, Clearwater is a well-known and proven risk management partner in the eyes of OCR. Their tacit endorsement is evidenced in recent web and live speaking events with current and former members of the Office for Civil Rights. For example, we conducted this webinar on May 3rd: “What OCR Expects in Your HIPAA Risk Analysis: A Conversation with Former OCR Director Leon Rodriguez”.

Learning Outcomes

If you receive, create, maintain or transmit ePHI or any sensitive information for which you cannot afford loss or harm, you should attend this session.

  • Explaining the difference between compliance and security
  • Citing the specific regulatory requirements for risk assessment
  • Defining fundamental risk terminology
  • Explaining why risk assessment is a core foundational step for any information security program
  • Describing the fundamentals of Information Risk Assessment
  • Describing the fundamentals of Information Risk Management

All registrants will receive a copy of all slide materials.