|
Speaker |
Brian L. Tuttle |
|
Industry |
Healthcare |
|
Speciality |
HIPAA and Compliance Conference |
|
Available |
All Days |
|
Duration |
90 Minutes |
Description
Conducting a HIPAA HITECH security risk assessment involves systematically evaluating potential risks and vulnerabilities to protected health information (PHI). The webinar will begin by assembling a multidisciplinary team with IT, security, compliance, and healthcare operations expertise, defining the assessment's scope, and identifying all systems, processes, and personnel interacting with PHI. Next, assess security measures, including physical safeguards, technical controls, and administrative procedures.
It also utilizes standardized frameworks and the HIPAA Security Rule to guide the assessment process. Identifying potential threats, such as unauthorized access, data breaches, or system failures, and evaluating each threat's likelihood and potential impact. And develop a comprehensive risk management plan that prioritizes mitigation strategies based on the severity and probability of identified risks. Regularly review and update the risk assessment to adapt to evolving threats and changes in technology organizational processes.
Session Highlights
Why Should You Attend
Attending a HIPAA HITECH security risk assessment is not just about individual compliance but collective security. Ensuring compliance with regulatory requirements set forth by HIPAA and HITECH contributes to a collective effort to safeguard protected health information (PHI). Moreover, involvement in the assessment allows us to comprehensively understand the organization's security posture, including identifying potential vulnerabilities and threats to PHI. This knowledge empowers attendees to proactively implement security measures and mitigate risks, ultimately reducing the likelihood of data breaches and their associated consequences, such as financial penalties and reputational damage.
Furthermore, attending the assessment fosters collaboration and communication among stakeholders, facilitating a holistic approach to security that considers technical, operational, and regulatory aspects is not just essential; it's a testament to the power of collaboration, promoting a culture of compliance, accountability, and continuous improvement within your organization.
Who Should Attend
( CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP)
Brian L. Tuttle is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 17 years of experience in Health IT and Compliance Consulting.
With vast experience in health IT systems (i.e., practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 22 years of experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as a compliance consultant. He has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.
In addition, Mr Tuttle has served in multiple litigated court cases as an expert witness, offering input on best practices and requirements for securing and providing patient access to protected health information. Mr. Tuttle has also worked directly with the Office of Civil Rights (OCR) in defending covered entities and business associates and being asked by the Federal government to audit covered entities and business associates on behalf of the OCR.