HIPAA and the Meaningful Use incentive program requires security and privacy risk analysis be performed on a routine basis and recommends they be made a part of a 'Culture of Compliance' which defines the organization's compliance program. Both the Security Risk Analysis (SRA) and Privacy Risk Analysis (PRA) are detailed and complex undertakings.
HIPAA has undergone rule changes and increased enforcement and other parties are also upping the ante on enforcement and therefore increasing the liability to providers of care, other Covered Entities (CE), Business Associates (BA) and Subcontractors. HIPAA Compliance Programs face a fundamental challenge in assessing and ensuring that they are meeting both the security as well as the privacy rules. Participation in the ONC - CMS Meaningful Use Program requires a HIPAA Security Risk Analysis each year of the program and the HIPAA rules them elves de facto mandate the performance of audits, assessment or analysis of your organization in relation to the rules.
Why Should you Attend
- Increasing risks for Privacy and Security Non-Compliance
- OCR Audits
- Requirements for HIPAA Risk Analysis
- Security Risk Analysis
- Privacy Risk Analysis
- Risk Analysis Methodology
- Actions to reduce liabilities & risks
HIPAA and other forms of privacy and security investigations, enforcement and audits are at an all-time high. Being proactive with privacy and security compliance, especially in the areas of Security and Privacy Risk Analysis will reduce risks of penalties, lawsuits and other unwanted effects from violations. This presentation offers strategies and information that will assist any organization in planning and performing Security and Privacy Risk Analysis.
It is recognized within the industry that OCR should be issuing new audit program rules at any point in the near future. But we have been awaiting these rules for over a year. This presentation will address the new rules if they are issued prior to the session, if not there are plenty of other preparatory steps any covered entity (CE) or business associate (BA) can take which will be addressed within the presentation.
Objectives of the Presentation
Who can Benefit
- Attendees will be explained the differences and relationships between security And Privacy Risk Analysis and the OCR Audit program
- Understanding the OCR 2012 and 2015 Audit programs. 2012 has been completely analyzed, the 2015 program, at this point is still awaiting final release. Preliminary information is available and will be shared with the attendees
- The increasing environment of enforcement and penalties, including CMS taking back Meaningful Use funds for missing or improper Security Risk Analysis
- Key elements of a Privacy and Security Risk Analysis
- Tools commonly found for Privacy and Security Risk Analysis
- Differences between physician practice and hospital Privacy and Security Risk Analysis
- Privacy Officer
- Security Officer
- Office Manager
- Practice Manager
- HIM Director
- Compliance Officer
- Privacy Staff
- Security Staff
- CIO, IT Director
- IT Manager, IT staff
- Foundation Manager
- All other healthcare parties that need to be updated on HIPAA, privacy and security
- Anyone performing security and/or privacy risk analysis, assessment or audits