How to do a HIPAA and HITECH Risk Analysis
Jonathan P. Tomes, J.D., is Keynote Speaker at Compliance Key. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information. Jonathan P. Tomes is a healthcare attorney, consultant, educator, author and expert witness. He is a leading expert on the Health Insurance Portability and Accountability Act of 1996, particularly its Security and Privacy Rules. He also has litigated medical malpractice cases, defended doctors in revocation of licensure and credentialing proceedings, reviewe........
Overview
After explaining the need for conducting a HIPAA risk analysis and the penalties for not doing so, this Webinar will provide attendees a methodology for doing so. HIPAA does not specify a particular way of conducting such an analysis. But the author has taken hundreds of covered entities and business associates through the process and his way of doing must work because none of them have had a security breach.
Why should you attend this webinar?
Even if HIPAA did not require risk analysis, good practice would. If you implement a security measure without conducting a risk analysis, you are just guessing.
More importantly, the vast majority of HIPAA Civil Money Penalties (fines) most in the seven figure range have been for the failure to conduct the risk analysis mandated by the Security
Rule.
Areas Covered in the Session:
- What is a risk analysis?
- Why must you conduct one?
- Penalties for not conducting one - with examples.
- How to conduct a risk analysis:
- Assemble a good team and what to do if you are a sole practitioner and don't have anyone to be on the team.
- Identify assets that must be protected and what you already have on hand to do so.
- Identify risks to those assets.
- Quantify the risks. How likely are they to happen and how harmful will they be if they do happen?
- Select reasonable, cost effective security measures.
- Test and revise.
- How must you update the risk analysis (required)?
- Conclusion and question and answer.
Who can Benefit:
Privacy and Security Officers, Medical Records Professionals, IT Professionals, Clinicians, Office Managers, Risk Managers, Business Associates of Covered Entities (those that provide a service for the Covered Entity involving the use of individually identifiable health information (transcription services, billing services, cloud storage companies, and the like), Healthcare Attorneys, Compliance Officers.
