ON DEMAND WEBINARS
What OCR Expects In Your HIPAA Risk Analysis: A Conversation with Former OCR Investigator, Deepali Doddi | On-Demand
THIS PRESENTATION IS A RECORDING OF A LIVE WEB EVENT CO-HOSTED BY FORMER OCR INVESTIGATOR, DEEPALI DODDI AND CLEARWATER CEO, BOB CHAPUT PRESENTED ON 09/26/2017.
For the latest information and to take advantage of interacting with our subject matter experts, we invite you to attend one of our live webinars.
In determining that 9 out of 10 organizations are failing to meet very fundamental HIPAA information risk analysis requirements, OCR has cited these top 5 root causes for the adverse findings:
The risk analysis was not asset-based – all systems / apps / technology that create, receive, maintain or transmit ePHI
The risk analysis was not comprehensive enough – it does not include every information asset in every line of business in every facility in every location
The risk analysis was not detailed enough – it does not consider every asset-threat-vulnerability scenario
The risk analysis did not follow HHS/OCR “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” – instead, it was just a controls checklist
The risk analysis was not documented well-enough – there was no sufficient evidence of vibrant program
The challenge organizations are facing is how to conduct an accurate and comprehensive HIPAA Risk Analysis that includes all information assets in all lines of business in all facilities and in all locations. The combinations of asset-threat-vulnerability triples is overwhelming. Risk analyses cannot be performed efficiently and effectively with spreadsheets and accurate and comprehensive risk analysis is certainly not a matter of using a controls checklist.
View this recorded web event and learn a step-by-step methodology based on OCR and NIST guidance, aided by award-winning software. Clearwater is the best in the world at conducting OCR-quality risk analyses and risk management and have earned numerous awards and recognition, including the exclusive endorsement of the American Hospital Association. While OCR cannot endorse commercial organizations, Clearwater is a well-known and proven risk management partner in eyes of OCR.
YOU ASKED, WE LISTENED
We know a Risk Analysis can be daunting. We tried to answer some questions to help you understand. Check out our HIPAA Risk Analysis Blog Series.
- HIPAA Risk Analysis Tip – Part 2 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez
- HIPAA Risk Analysis Tip – Part 3 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez
- HIPAA Risk Analysis Tip – Part 4 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez
- And More To Come!