NIST/OCR - HIPAA Risk Analysis and Risk Management Explained Step-by-Step

Webinar Details

Speaker

Paul R. Hales

Industry

HIPAA and Compliance Conference

Speciality

HIPAA and Compliance Conference

Available

All Days

Duration

60 Minutes



Description

Risk Analysis and Risk Management (RA-RM) are OCR’s top enforcement priority and the basis of every HIPAA Compliance program. RA-RM steps are easy to follow – if you know the steps. But the HIPAA Rules do not lay out specific RA-RM steps. According to OCR, the HIPAA RA-RM steps are easy to find. They simply are certain procedures explained by the National Institute of Standards and Technology (NIST) in manuals that are free to download. Nevertheless, the largest, most important nationwide HIPAA violation is failure to perform HIPAA-compliant RA-RM, as OCR revealed on December 17, 2020, when it published the shocking results of its Phase 2 HIPAA Compliance Audits. OCR found:

  • 86% of covered entities and 83% of business associates failed the Risk Analysis Audit and
  • 94% of covered entities and 88% of business associates failed the Risk Management Audit.

They failed despite the fact that they had been provided with all the audit questions and a list of the documents they would be required to provide well in advance and knew they were short-listed to be audited!

A problem may be that the NIST manuals recommended by OCR are somewhat technical. This webinar de-codes and de-mystifies the NIST manuals to explain in plain language, step-by-step, exact RA-RM procedures, methods, and key terms such as Risk, Threat, Vulnerability, Impact, Likelihood, and Control.

The steps are easy to follow when you know the steps.

The webinar covers HIPAA Security Rule RA-RM which applies to Protected Health Information (PHI) transmitted or maintained Electronically (EPHI). But every organization has PHI in other forms and formats – Non-EPHI. The HIPAA Privacy Rule requires administrative, technical, and physical safeguards to protect all PHI. NIST procedures are applicable to RA-RM of PHI in any form or format. And every organization has that kind of PHI, for example, paper records, forms, schedules, etc.

This webinar explains how to protect your organization by identifying the risks and managing those risks to all PHI in every form and format. It will turn HIPAA RA-RM mystery into mastery. You’ll learn how to perform the steps and create the documentation you need to pass an OCR audit. Most important, however, you’ll see how to identify and manage Risks to the Privacy and Security of protected health information (PHI), maintained and transmitted in any form, that seriously endanger your organization’s well-being.

You’ll see HIPAA RA-RM is easy to do step-by-step – when you know the steps.

Areas Covered

  • OCR Guidance – How to do Risk Analysis & Risk Management
    • HIPAA Risk Analysis and Risk Management
    • NIST HIPAA RA-RM Procedures & NIST Risk Management Framework
  • HIPAA RA-RM in 3 Acts
    • Act 1 – Setup – Risk Analysis – Assemble Information – Identify, Document and Assess level of Risks
    • Act 2 – Confrontation – Risk Management – Documented Actions to Manage Risks
    • Act 3 – Resolution – Risk Management Program – Focused on your Organization’s Risks – Documented and Active
  • Dangers senior management, owners and organizations face if they fail to do HIPAA RA-RM
  • Clear, easy to understand explanation of HIPAA Risk Analysis and Risk Management following NIST procedures demonstrated onscreen by illustrations from interactive software based on NIST procedures interlinked with HIPAA standards, implementation specifications and compliance policies and procedures
  • How administrative staff of Covered Entities and Business Associates of any size can complete a HIPAA RA-RM efficiently every year with step-by-step guidance even if they have never done one before

Why Should You Attend

Failure to do HIPAA RA-RM puts your organization in grave danger. This webinar will show you how to do a complete HIPAA RA-RM step-by-step and how easy it is to follow those steps when they are explained.

You should attend this webinar to learn why you must worry about not doing a HIPAA RA-RM properly – and how you can stop worrying by simply doing a HIPAA RA-RM as required every year.

Who Should Attend

All Health Care Covered Entities:

  • Practice Managers – Covered Entities
  • HIPAA Compliance Officials
  • HIPAA Privacy Officers
  • HIPAA Security Officers
  • Patient Engagement Officials
  • Health Information Technology Supervisors
  • Risk Managers – Covered Entities
  • Health Care Providers practicing as individuals or in small groups
  • Group Health Plan Administrators
  • Third-Party Group Health Plan Administrators
  • Covered Entity Senior Management and Owners
  • Attorneys for Covered Entities – In-house and Outside Counsel
  • Compliance Committee – Covered Entity Board of Trustees
  • C-Suite Executives – all Covered Entities
  • Chief Compliance Officer – all Covered Entities

All Business Associates:

  • Billing and Coding companies
  • Practice Management Companies
  • IT Vendors
  • Data Storage firms (electronic and paper)
  • Secure and insecure providers of PHI Email and Text Message services
  • Vendors of patient satisfaction surveys
  • Law Firms representing Health Care Providers & Business Associates

Paul R. Hales

(Health Privacy Attorney)

Paul R. Hales, J.D. is widely recognized for his ability to explain HIPAA Rules clearly in plain language. He is an attorney licensed to practice before the Supreme Court of the United States, a graduate of Columbia University Law School, and a Senior Counselor of the Missouri Bar with an international practice in HIPAA privacy and security. Paul is the author of all content in The HIPAA E-Tool®, an Internet-based, complete HIPAA compliance solution with separate editions for Covered Entities, Business Associates, Health Plans, and Third Party Administrators.
