Apart from explaining the variables that need to be considered, Brian will also discuss specific questions that Office of Civil Rights investigators and the FBI are likely to ask and the ways of giving them the best answer. This very valuable session on ransomware and HIPAA risks will educate participants on the ways of preventing a breach altogether.
Objectives of the Presentation
- Implementing a security management process, which includes carrying out a risk analysis that helps identify vulnerabilities and threats to the PHI and implementing steps to mitigate these
- Putting in place measures that detect and guard against malicious software
- Helping to protect data by training users to identify and report malicious software, and
- Putting in place access controls by which only designated personnel are authorized and permitted access
These measures on ransomware and HIPAA risks sit alongside the existing HIPAA Security Rule, which has its own set of steps and rules that need to be followed to protect data privacy.
Why Should you Attend
Ransomware can be defined in simple terms as malicious software that differs fundamentally from other kinds of malware: it attempts to deny access to a user's data at the source. Ransomware hackers encrypt the data with a key that is known only to them, and release it only after the user pays them a ransom. Ransomware and HIPAA risks have come together after the HHS recognized the dangers of this kind of malware.
Business Associates and Covered Entities are in for a jolt when HIPAA investigations relating to ransomware breaches find malpractices, which can ruin the practice or business concerned. If ransomware is detected, HIPAA considers it a serious breach of security. Such an entity is heavily penalized, and its reputation is at stake.
Who will Benefit
- What is ransomware
- What are risk factors
- What to do if hijacked
- Audit Process
- What can cause an audit
- How to avoid these issues altogether
- What to do in the event of an audit
- How to speak and deal with Federal auditors
- Risk Assessment
- Best resources
- Practice managers
- Any business associates who work with medical practices or hospitals (e.g., billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc.)
- MDs and other medical professionals
- Compliance Officer
- HIPAA Privacy Officer
- HIPAA Security Officer
- Medical/Dental Office Managers
- Information Systems Manager
- Chief Information Officer
- General Counsel/lawyer
- Practice Management Consultants
- IT Companies that support Medical/Dental practices or other healthcare organizations
Ransomware and HIPAA risks are now inseparable. After a lot of deliberation, ransomware has now become part of HIPAA compliance for Business Associates and Covered Entities. This became official on July 11, 2016, when the HHS issued a new guideline that makes ransomware attacks part of reportable HIPAA breaches. The guideline suggests steps that Business Associates and Covered Entities need to take to identify a ransomware attack and report it, thereby preventing the potential loss it causes to PHI.