Live Webinar
The Problem Solved by this Webinar
The HIPAA Rules require Covered Entities and Business Associates to do Risk Analysis and Risk Management (RA-RM) but do not explain how to do them. OCR consistently calls Risk Analysis the foundation of every HIPAA Compliance program. This webinar clearly explains how to follow OCR’s advice to use Risk Analysis – Risk Management procedures developed by the National Institute of Standards and Technology (NIST). We lay out each step of the NIST RA-RM process and show how they fall neatly in three parts concluding with an easy to follow demonstration. You will receive a handout illustrating all the steps. HIPAA RA-RM is easy to do step-by-step – when you know the steps.
Key Points
Organizations must identify and understand the unique Risks to the privacy and security of protected health information (PHI) they hold. Then – and only then – can they craft and implement policies, procedures and training to manage specific risks that endanger their PHI and the organization’s financial well-being and reputation.
OCR regularly publishes Resolution Agreements following investigations of HIPAA violations by organizations due to Risks that should have been identified and could have been managed by a proper Risk Analysis.
RA-RM failures by large and small organizations have caused the private health information of hundreds of millions of Americans to be stolen.
On December 17, 2020 OCR published shocking results of its Phase 2 HIPAA Compliance Audits. OCR found:
86% of covered entities and 83% of business associates failed the Risk Analysis Audit and
94% of covered entities and 88% of business associates failed the Risk Management Audit.
Each covered entity and business associate knew they were short-listed to be audited. OCR provided the exact questions they would be asked and the documents they would be required to show well in advance of the audit.
Areas Covered in this Webinar
OCR Guidance – Risk Analysis and integrated Risk Management process
OCR Reliance on NIST Procedures – the standard for best practices
NIST Sources – HIPAA RA-RM and NIST Risk Management Framework
OCR Audit – National Crisis – Widespread Failure to do RA-RM
Inexcusable, Unnecessary and Dangerous
OCR/NIST HIPAA RA-RM Process explained simply – It’s just a 3 Act Play
Act 1 – Setup – Risk Analysis
Assemble Information – Identify, Document and Assess level of Risks
Act 2 – Confrontation – Risk Management – Documented Actions to Manage Risks
Act 3 – Resolution – Risk Management Program – Focused on your Organization’s Risks – Documented and Active
How to do OCR/NIST RA-RM demonstrated Step-by-Step
Why You Should Attend This Webinar
Failure to do HIPAA RA-RM puts your organization in grave danger. This webinar will show you how to do a complete HIPAA RA-RM step-by-step and how easy it is to follow those steps when they are explained. You should attend this this webinar to learn why you must worry about not doing a HIPAA RA-RM properly – and how you can stop worrying by simply doing a HIPAA RA-RM as required every year.
Who Will Benefit
All Health Care Covered Entities
Practice Managers – Covered Entities
HIPAA Compliance Officials – Privacy and Security Officers
Patient Engagement Officials
Health Information Technology Supervisors
Risk Managers – Covered Entities
Health Care Providers practicing as individuals or in small groups
Group Health Plan Administrators
Third Party Group Health Plan Administrators
Covered Entity Senior Management and Owners
Attorneys for Covered Entities – In-house and Outside Counsel
Compliance Committee – Covered Entity Board of Trustees
C-Suite Executives – all Covered Entities
Chief Compliance Officer – all Covered Entities
All Business Associates including:
Billing and Coding companies
Practice Management Companies and IT Vendors
Data Storage firms (electronic and paper)
Secure and unsecure providers of PHI Email and Text Message services
Vendors of patient satisfaction surveys
Law Firms representing Health Care Providers & Business Associates
