Overview:
The Risk Assessment required by the HIPAA Security Rule is often overlooked or misunderstood, or it seems too complex to even find a starting point.
What some organizations discover is that although they brought in a third-party auditor to do an "IT network assessment", they never actually performed a full-blown risk assessment.
The webinar will go over what it takes to perform a risk assessment and be in a position where you are continuously updating it. Sometimes there is confusion between risk analysis and risk management, but it is important to understand the differences of the two and why both are required. We will look at the importance of having a solid Risk Management Plan and how to use that plan to drive your risk assessment. In addition, understanding what the differences are between risk, threats and vulnerabilities and how they apply to your organization are critical first steps to help guide your assessment.
We will also look at the eight risk analysis steps and the three risk management steps outlined by CMS. When OCR comes knocking on your door and asks, "What is your risk assessment methodology?", how could they dispute your use of the methodology provided by CMS?
By the end of the webinar, you will have the steps necessary to create a risk management plan that guides you through implementing the eight risk analysis steps. We will then look at what the mitigation plan is and how you can use it to prove not only that you have done a risk assessment, but also that you are actively working to remediate the threats and vulnerabilities discovered.
Why Should You Attend: What is the first thing the Office of Civil Rights asks for when they show up at your door to investigate a breach? The organization's Risk Management Plan and its most recent Risk Assessment. Surprisingly, some of the largest organizations that were breached could not produce either. Guess what? They ended up with millions of dollars in fines and penalties.
Have you collected money for Meaningful Use in the past? For each provider, you are asked whether you have performed a risk assessment. Many organizations checked this box, but during a post-breach investigation no risk assessment could be produced. Guess what happened to them? They were required to return the money collected from the Meaningful Use attestation for each provider, and in some cases they were charged with fraud.
The time is now to either perform your first risk assessment or brush off the cobwebs and get it updated. This webinar will teach you everything you need to know to get started.
Areas Covered in the Session:
- Comparison of Risk Management and Risk Analysis
- Requirements of Risk Management
- What are risks, threats, and vulnerabilities
- Detailed look on the steps necessary for Risk Analysis and Risk Management
- How to gather the necessary data for risk analysis
- Methods to determine the likelihood and potential impact of a threat
- Figuring out the level of risk
- Identify the actions required to manage the risk
- Creating the Mitigation Plan
Who Will Benefit:
- Providers
- Health Care Professionals
- Compliance Officers
- Business Associates
- IT Professionals
Brian Freedman, MS, CISSP, PMP, CHCO has earned his Master of Science in Information Systems and has over 20 years of experience working in IT and Information Assurance. Mr. Freedman leverages deep project management and technical experience to lead key elements of several Health Information Technology (IT), Privacy and Security initiatives.
Mr. Freedman has hands-on experience with both public and private sector healthcare networks and systems. He has worked at one of South Carolina's largest independent physician practices as its CIO and Information Technology Director. In his role as CIO, he was responsible for the oversight of all operational and technology functions for 33 Primary Care Physician offices and Specialist clinics. He served as the HIPAA Compliance Officer and managed a team of IT specialists in support of electronic medical records and practice management systems. He drafted and/or rewrote all related policies and procedures for the HIPAA final rule, and designed and delivered a HIPAA training program to more than 650 employees. Mr. Freedman also created and implemented an annual risk management / analysis program focused on both HIPAA and Meaningful Use compliance. The risk management program developed by Mr. Freedman has provided the practice with a continuous risk management program.
He has co-authored a book on PCI Compliance and is the Technical Editor of a handbook on IT Regulatory and Standards Compliance. In addition, Mr. Freedman is an Adjunct Instructor for the Department of Network Systems Management at a local Technical College where he teaches classes in Information Systems, Networking, Information Assurance, and Regulatory Compliance (HIPAA and PCI). He holds some of the leading industry certifications from Microsoft and Cisco. He is also a CISSP, PMP, and is a Certified HIPAA Compliance Officer (CHCO).