How to Conduct a HIPAA Risk Assessment and the Surprising Danger of Not Doing One

Webinar Details

Speaker

Mark R Brengelman

Industry

HIPAA and Compliance Conference

Speciality

HIPAA and Compliance Conference

Available

All Days

Duration

60 Minutes


Registration Options

Choose Your Options

Save $20 - [ HEALTHCPTI ]

Error Conference Exists In Wish-list.

Congrats Conference Added In Wish-list.



Need Corporate Discount ?

Find More Webinars Of : HIPAA and Compliance Conference

  • * For more than 6 attendee call us at +1-800-803-7592 or mail us at cs@conferencepanel.com
  • * For Check and ACH payment call us at +1-800-803-7592 or mail us at cs@conferencepanel.com
  • * Click to download the Order Form

Description

HIPAA risk assessments help in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to secure electronically protected health information.

A risk analysis is a requirement in federal law. Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications of HIPAA. Your healthcare organization should determine the most appropriate way to achieve HIPAA compliance, taking into account the characteristics of the organization and its environment.

Protected health information is subject to HIPAA confidentiality for entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of the information. Risk analysis and assessment is the first step in that process.

Risk analysis requirements under HIPAA require healthcare organizations to implement policies and procedures to prevent, detect, contain, and correct security violations.

Your agency must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronically protected health information.

In addition to an express requirement to conduct a risk analysis, the HIPAA law indicates risk analysis is a necessary tool for reaching substantial compliance with many other standards and implementation specifications.

The outcome of the risk assessment process is a critical factor in assessing whether an implementation specification or an equivalent measure is reasonable and appropriate.

Elements of a risk analysis include numerous methods of performing risk assessment with no single best practice that guarantees HIPAA compliance. The scope of risk analysis that the HIPAA law encompasses includes the potential risks and vulnerabilities to the confidentiality, availability, and integrity of all confidential information an organization creates, receives, maintains, or transmits.

Healthcare organizations must identify and document reasonably anticipated threats unique to the circumstances of their environment. Organizations must also identify and document vulnerabilities that, if triggered or exploited by a threat, would create a risk of inappropriate access to or disclosure of this protected health information.

Healthcare organizations should assign risk levels for all threat and vulnerability combinations identified during the risk analysis. The level of risk could be determined, for example, by analyzing the values assigned to the likelihood of threat occurrence and the resulting impact of threat occurrence. The risk level determination might be performed by assigning a risk level based on the average of the assigned likelihood and impact levels.

Finalize documentation as a direct input to the risk management process and conduct periodic reviews and updates to the risk assessment, which should be ongoing. A truly integrated risk analysis and management process is performed as new technologies and business operations are planned, reducing the effort required to address risks identified after implementation. Performing the risk analysis and adjusting risk management processes to address risks in a timely manner will allow the covered entity to reduce the associated risks to reasonable and appropriate levels.

In conclusion, risk assessment is the first step in an organization’s HIPAA compliance efforts. It is an ongoing process that should provide the healthcare organization with a detailed understanding of the risks to the confidentiality, integrity, and availability of this protected health information.

Areas Covered

  • Risk assessment under the HIPAA laws
  • Vulnerability, threat, and risk analysis
  • Scope of risk assessment
  • Identifying potential threats and vulnerabilities
  • Assessing security measures in place
  • Determining threat occurrence, likelihood, and impact
  • Finalize documentation of the risk assessment
  • Regular review and updates to risk assessment for new employees, new laws, and new technology
  • The surprising danger of not doing a HIPAA risk assessment

Background

The background for this topic is an introduction to HIPAA compliance which requires a HIPAA risk assessment. HIPAA compliance officers must conduct risk assessments.

Why Should You Attend

HIPAA risk assessments are required by the HIPAA laws themselves. But what do you do when you find breaches and security lapses as a result?

Erase the fear, uncertainty, and doubt about tackling the requirements of HIPAA risk assessments and learn how to do them.

Discover what you need to know about how to conduct a HIPAA risk assessment – and deal with its results effectively.

Who Should Attend

Healthcare law attorneys; licensed healthcare practitioners in private practice in mental health and in physical medicine; medical directors of health facilities; office managers and medical directors of private medical offices; healthcare managers and executives; corporate counsel in health care; healthcare administrators; university faculty in health care and medical records; allied health professionals in graduate-level medical education across the many health care professions; corporate compliance officers; human resource directors and departments.

Mark R Brengelman
Mark R Brengelman

(Attorney at Law, PLLC)

Mark holds Bachelor’s and Master’s degrees in Philosophy from Emory University and a Juris Doctorate from the University of Kentucky.

Retiring as an Assistant Attorney General, he now represents:

  • Healthcare professionals
  • Two government healthcare licensure boards
  • A government ethics commission
  • Parents and kids in confidential child abuse and neglect cases, termination of parental rights, and adoption proceedings

Mark is a frequent continuing education presenter including national organizations around the country.  He helps his clients navigate the law and ethics and make the rules understandable as applied to them.

Mark has worked for all three branches of government.

Registration Options

Choose Your Options

Save $20 - [ HEALTHCPTI ]

Error Conference Exists In Wish-list.

Congrats Conference Added In Wish-list.


Need Corporate Discount ?


  • * For more than 6 attendee call us at +1-800-803-7592 or mail us at cs@conferencepanel.com
  • * For Check and ACH payment call us at +1-800-803-7592 or mail us at cs@conferencepanel.com
  • * Click to download the Order Form
Mark R Brengelman
Mark R Brengelman

(Attorney at Law, PLLC)

Mark holds Bachelor’s and Master’s degrees in Philosophy from Emory University and a Juris Doctorate from the University of Kentucky.

Retiring as an Assistant Attorney General, he now represents:

  • Healthcare professionals
  • Two government healthcare licensure boards
  • A government ethics commission
  • Parents and kids in confidential child abuse and neglect cases, termination of parental rights, and adoption proceedings

Mark is a frequent continuing education presenter including national organizations around the country.  He helps his clients navigate the law and ethics and make the rules understandable as applied to them.

Mark has worked for all three branches of government.