How to Perform a HIPAA Risk Assessment
In this session Speaker will explain how to perform a PROPER risk assessment point by point and how to write policies and procedures, also why the risk assessment is important to the health care organization and business associates, and provides that reasons that a risk assessment is required in a health care organization and who needs to perform the assessment.
Overview:
The primary goal of this session is to demonstrate why the health care organization needs to perform a risk assessment and how to perform the risk assessment.
This includes a description of the types of breaches of protected health information that have already occurred and the reasons those breaches happened. The presentation then provides that reasons that a risk assessment is required in a health care organization and who needs to perform the assessment.
There are a number of approaches available both for purchase on the web and performed by professionals on site. This discussion helps the participant determine which approach is best for their health care organization and what portions of the assessment are most important to the organization.
The topic addresses the key components of a risk assessment and how to perform the risk assessment. This includes how to define the specific risks, how to know, how to assess the likelihood and impact of the risk and the final determination on the level of severity of the risk for the organization.
Finally, the session explains how to interpret the results of the risk assessment, how to use the results of the risk assessment for preparing the health care organization's policies and procedures and how to conduct the HIPAA training for its staff.
Why should you Attend: In addition to the negative publicity and potential fines, a breach of a patient's health information often leads to litigation which is also time consuming and costly. The way to avoid these situations is to perform a Risk Assessment to understand where the health care organization is risk of an unauthorized breach and provide a basis for becoming HIPAA compliant.
There are three reasons why a Risk Assessment is necessary:
- First, both the HIPAA Privacy and Security Regulations require a Risk Assessment for the organization to be HIPAA compliant
- Second, as a result of the Risk Assessment the organization knows where it needs to address its efforts to minimize its risk
- Third, if a breach should occur, a Risk Assessment is a demonstration that the health care organization has used reasonable diligence and either eliminate fines or keep them to a minimum
Areas Covered in the Session:
- Why the risk assessment is important to the health care organization and business associates
- What is important to consider in doing a risk assessment
- How to do a risk assessment
- When to look for outside assistance
- How to link your assessment to your training responsibilities
- How to interpret the results of the risk assessment
- What to do with the results of your assessment
Who Will Benefit:
- Health Care Organization Ownership
- Office Management
- Work Staff
- Business Associates
- Physicians
Speaker Profile
In working with health care organizations he has developed processes and procedures related to improving the provision of health care services, measuring the outcomes of those services and the addressing the impact of these factors on the reimbursement models. He has lead the effort for developing an ACO to serve Medicaid and Medicare beneficiaries and has presented this course as a reference for participants at a recent Healthcare Financial Management Association National Conference.