How to do a HIPAA and HITECH Risk Analysis

Duration: 60 Minutes
If you cannot remember the last time your organization performed a HIPAA & HITECH Act Risk Analysis, or if you are unsure if your organization has ever performed a Risk Analysis, then this is the webinar for you. Jonathan P. Tomes will cover how to conduct a risk analysis and how to update it as necessary.
HIPAA and HITECH Risk Analysis
Instructor: Jonathan P. Tomes
Product ID: 505027
Failure to conduct a written risk analysis qualifies as "willful neglect," which carries the highest civil money penalty ("CMP"), a penalty that, unlike penalties for violations due to reasonable cause, DHHS cannot waive.

Because a risk analysis is a required implementation specification under the Security Rule, failure to do one is willful neglect. And the civil money penalties are not the only sanctions for not doing a risk analysis. The remediation costs for a breach that might have been prevented had a risk analysis been done can be much more than the CMP. Blue Cross Blue Shield of Tennessee not only had to pay the $1.5 million settlement, but also incurred $17 million in remediation costs, costs that might have been avoided had it done an updated risk analysis.

Objectives of the Presentation
  • What is risk analysis?
  • Why do you need to do one?
  • How to do one
    • Assemble a good team
    • Identify assets
    • Identify risks
    • Quantify risks
    • Select reasonable, appropriate, and cost-effective security measures
    • Test and revise security measures
  • Particular areas to focus on (portable devices, social media, email, and the like)
  • Case study (will walk webinar attendees through the process)
  • Questions and answers
Why Should You Attend
The majority of the DHHS civil money penalties and settlements in lieu thereof involve, sometimes with other violations, failure to perform a written risk analysis. These penalties usually are in the seven-figure range. Blue Cross Blue Shield of Tennessee, for example, settled for $1.5 million for failing to update its risk analysis when its physical security situation changed. Other seven-figure settlements involved failure to do the required initial risk analysis.

Who Will Benefit
  • HIPAA Compliance Officers
  • HIPAA Security Officers
  • HIPAA Privacy Officers
  • Human Resources Directors
  • Business Office Managers
  • Medical Records Personnel
  • Health Care Attorneys
  • Patient Accounts Managers
  • Business Associates
Topic Background
A key requirement of the HIPAA and HITECH regulations is that covered entities and business associates must conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the Confidentiality, Integrity, and Availability (CIA) of all electronic Protected Health Information (EPHI). These HIPAA and HITECH mandates require organizations to complete a comprehensive and thorough vulnerability assessment on a regular schedule.

The guidance published by the Office of Civil Rights states that, "Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the Security Rule. Therefore, a risk analysis is foundational…". Further, OCR states that, "All EPHI created, received, maintained or transmitted by an organization is subject to the Security Rule. The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of EPHI. Risk analysis is the first step in that process."
$300
Recorded Session for one participant
Get lifetime access with download option!
  $450.00 Training CD
Free shipment within 4 working days of placing the order. Get lifetime access for unlimited participants.
  $550.00 Training USB Flash Drive
Free shipment within 4 working days of placing the order. Get lifetime access for unlimited participants.
For multiple locations, please contact our customer care team at +1-510-857-5896.
How it works
Live Session - How it works
  • Log in to onlinecompliancepanel with your registered username and password: https://www.onlinecompliancepanel.com/login
  • The webinar joining link, username, and password for joining the webinar will be updated on your OCP Account 24 hours prior to the webinar
  • Presentation handouts in downloadable PDF format will be updated on your OCP Account 24 hours prior to the live session
  • Log in to the audio conference on the scheduled date and time
  • Get answers to your queries through interactive Q&A sessions via chat at the end of the session
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account 24 hours after the completion of the session
  • Please let us know your thoughts and views at the end of the webinar; your valuable feedback will help us improve
Recorded Session - How it works
  • Log in to onlinecompliancepanel with your registered username and password: https://www.onlinecompliancepanel.com/login
  • Upon purchase of the recorded session, a link will be updated on your OCP Account within 24 hours
  • Please click on the link to access the Recorded Session
  • Presentation handouts in downloadable PDF format will be updated on your OCP Account within 24 hours of the purchase of the product
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account 48 hours after the product purchase
  • Please share your valuable feedback at the end of the session
Instructor Profile:
Jonathan P. Tomes, J.D., is a health care attorney. He has written more than 60 books, including "The Compliance Guide to HIPAA and the DHHS Regulations," "The Gap Analysis Survey," "The Risk Analysis ToolKit," and dozens of articles in the area of HIPAA compliance. He has been an expert witness in litigation involving health information compliance issues and is the President of EMR Legal, Inc., a national HIPAA consulting firm. His knowledge of the law and of the practical aspects of setting up a security system provides a rare opportunity for compliance officers and medical records veterans and novices alike. Mr. Tomes has presented seminars nationally for more than 20 years.