Understanding the proper methodologies on conducting a HIPAA Risk Assessment based on the requirements of the HIPAA Security Rule is critical for any organization. The U.S. Department of Health and Human Services requires all organizations handling protected health information (PHI), including HIPAA hosting providers, to conduct a risk assessment as the first step toward implementing safeguards specified in the HIPAA Security Rule, and ultimately achieving HIPAA compliance.
The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of e-PHI. The risk assessment is the first step in that process.
This webinar will cover concepts involved in a security risk analysis and overall risk management. Sample assessment questions will be reviewed and guidance provided on how to make risk level determinations based on responses. Documenting the results of the risk assessment will covered.
If your healthcare practice or business needs to understand how to conduct a HIPAA Risk Assessment, please join us for this informative and interactive session.
- Why was HIPAA created?
- Who Must Comply with HIPAA Requirements?
- What is the HIPAA Security Rule?
- What policies and procedures must be in place
- Risk assessment methodology
- Elements of a risk assessment
- NIST Cybersecurity Crosswalk for the HIPAA
- What are “Required” and “Addressable” Implementation Specifications?
- What are Administrative, Technical, and Physical Safeguards Requirements?
- What are the penalties and fines for non-compliance and how to avoid them
- HIPAA Privacy Officer
- HIPAA Security Officer
- Practice Managers
- Information Systems Manager
- Chief Information Officer
- General Counsel/lawyer
- Office Manager
- Any Business Associates that accesses protected health information
HC1527