HOW TO DO A RISK ANALYSIS 2014 - How to do a Risk Analysis

Website http://bit.ly/1pG3XJG | Edit Freely

Category HOW TO DO A RISK ANALYSIS 2014

Deadline: August 14, 2014 | Date: August 14, 2014

Venue/Country: Fremont, U.S.A

Updated: 2014-07-22 13:38:01 (GMT+9)

Call For Papers - CFP

Because a risk analysis is a required implementation specification under the Security Rule, failure to do one is willful neglect. And the civil money penalties are not the only sanctions for not doing a risk analysis. The remediation costs for a breach that might have been prevented had a risk analysis been done can be much more than the CMP. Blue Cross Blue Shield of Tennessee not only had to pay the $1.5 million settlement, but also it incurred $17 million in remediation costs-costs that might have been avoided had it done an updated risk analysis.

Why should you attend: The majority of the DHHS civil money penalties and settlements in lieu thereof involve, sometimes with other violations, failure to perform a written risk analysis. These penalties usually are in the seven figure range. Blue Cross Blue Shield of Tennessee, for example, settled for $1.5 million for failing to update its risk analysis when its physical security situation changed. Other seven-figure settlements involved failure to do the required initial risk analysis.

Areas Covered in the Session:

What is risk analysis?

Why do you need to do one?

How to do one

Assemble a good team

Identify assets

Identify risks

Quantify risks

Select reasonable, appropriate, and cost effective security measures

Test and revise security measures

Particular areas to focus on (portable devices, social media, email, and the like)

Case study (will walk webinar attendees through the process)

Questions and answers

Who Will Benefit:

HIPAA compliance Officers

HIPAA Security Officers

HIPAA Privacy Officers

Human Resources Directors

Business Office Managers

Medical Records Personnel

Health Care Attorneys

Patient Accounts Managers

Business Associates

Background :

HIPAA requires a risk analysis of threats to protected health information (“PHI”). Even if risk analysis were not required, one cannot possibly implement reasonable and appropriate security measures to protect PHI without first having completed a risk analysis. If one implements a security measure without conducting a risk analysis, it is just guessing.

And most covered entities and business associates have not completed this most important compliance requirement. The Department of Health and Human Services (“DHHS”) recent audits of covered entities revealed that 47 out of 61 had not conducted a satisfactory risk analysis. This lack of risk analyses is likely because of neglect or failure to understand the need therefore and how to do one.

Jonathan P. Tomes , J.D., is a health care attorney and partner in the law firm of TOMES & DVORAK, CHARTERED. He has written more than 50 books, including The Compliance Guide to HIPAA and the DHHS Regulations, and dozens of articles in the area of HIPAA compliance.

He has been an expert witness in litigation involving health information compliance issues and is the President of EMR Legal, Inc., a national HIPAA consulting firm. His knowledge of the law and of the practical aspects of setting up a security system provides a rare opportunity for compliance officers and medical records veterans and novices alike. Mr. Tomes has presented seminars nationally for 20 years.

MentorHealth

Roger Steven

Phone No: 800-385-1607

FaX: 302-288-6884

webinarsmentorhealth.com

Event Link: http://bit.ly/1pG3XJG

http://www.mentorhealth.com/