Effective Security Risk Analysis for HIPAA Covered Entities and Business Associates

Duration: 60 Minutes
Instructor: Keith Mattox
Webinar Id: 800185




The primary objective of this 60-minute webinar is to help organizations identify the key vulnerabilities in ePHI and EHR systems by reviewing the steps required to complete the security risk analysis and successfully attest to the Meaningful Use incentive program. In addition, one of the Meaningful Use (MU) core objectives for eligible professionals and hospitals is to conduct a thorough technical risk analysis of EHR and ePHI systems.

Why should you attend: Many health care organizations and their business associates understand they are not meeting the HIPAA compliance requirements for risk analysis, and they are concerned this could result in stiff fines and penalties. Do I have to hire an outside security consultant to perform a risk analysis? How can I make sure they focus on the core requirements to protect ePHI and a possible OCR audit, without breaking our budget or requiring an inordinate amount of time? Are there resources available that our team can use that do not require someone with a security background?

We will guide you through the requirements for a HIPAA risk analysis as specified by the OCR, with a clear explanation of each:

  • Provide you with a clear method to complete a risk analysis.
  • Show you practical tools and resources that are freely available to be used by security professionals and HIPAA compliance professionals to complete the risk analysis – even those without a security background.
  • Identify the top security threats and vulnerabilities to ePHI -- and what you will need to do to protect your organization in a way that is practical and cost effective.

Areas Covered in the Session:
  • A clear understanding of a risk analysis and requirements under HIPAA/HITECH
  • How to inventory ePHI, map out systems in scope, identify and prioritize risk
  • An easy to follow method to complete a risk analysis
  • The most efficient processes to minimize time and maximize effectiveness
  • Learn about practical tools and resources for conducting and documenting a risk analysis
  • The most common threats and vulnerabilities to ePHI - and cost-effective ways to protect it

Who Will Benefit:
  • Healthcare Compliance
  • Security and Privacy Professional

Educational Objective(s)
Upon completion of this activity, participants will be able to:
  • Identify the key vulnerabilities in ePHI and EHR systems by reviewing the steps required to complete the security risk analysis and successfully attest to the Meaningful Use incentive program.

CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of CFMC and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.

CFMC designates this educational activity for a maximum of 1 AMA PRA Category 1 Credit™. Physicians should only claim credit commensurate with the extent of their participation in the activity.

Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1 hour.

Disclosure Statement
It is the policy of Colorado Foundation for Medical Care (CFMC) and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity. All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations.

Obtaining Certificate of Credit

Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.

Speaker Profile
Keith Mattox is a Senior Consultant at Clinical Security, LLC. Mr. Mattox has ten years’ experience as a consultant providing information security and compliance solutions. As a program manager with 25 years of IT experience, he has led the development and implementation of information security and compliance programs for financial institutions, pharmaceutical companies and healthcare organizations. Mr. Mattox most recently served as a security consultant for a de novo internet bank and as the interim CISO for a large county hospital system. He is based in Raleigh, North Carolina. Mr. Mattox is a Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP) and Certified HIPAA Professional (CHP).

Mr. Mattox is affiliated with the Project Management Institute, the International Information Systems Security Certification Consortium ((ISC)2), the Information System Security Association (ISSA), Information Systems Auditing and Control Association (ISACA), and Infragard.
