Meaningful Use and Risk Analysis - What It Means and How to Get Started

Duration: 90 Minutes
Instructor: Chris Apgar
Webinar Id: 800089


One Attendee


An accurate assessment of potential risks is essential to your entity's health in relation to ongoing compliance with privacy and security regulations.

If you use, disclose or store ePHI (electronic Protected Health Information), HIPAA's Security Rule mandates that covered entities and business associates periodically conduct a Risk Analysis. The Security Rule describes the Risk Analysis as including "an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic Protected Health Information." This also applies to non-electronic PHI per the HIPAA Privacy Rule.

To prove meaningful use and take advantage of EHR incentive dollars (Medicare Part B, Medicare Advantage and Medicaid incentives), you must conduct a Risk Analysis.

Stage 1 requirements for EHR (electronic health record) meaningful use for eligible professionals or eligible hospitals and critical access hospitals (CAHs) include protecting electronic health information as a core objective. CMS measures whether or not an entity meets the core objective based on that entity's completion of a Risk Analysis that satisfies the conditions of the associated Code of Federal Regulations.

This webinar will assist hospitals and EPs in understanding the Risk Analysis cycle, including:

  • Data collection
  • Prioritized asset inventory review
  • Threat and vulnerability identification
  • Existing security control evaluation
  • Impact and cost assessment
  • Risk Level Assignment

Areas Covered in the Session:
  • Meaningful Use EHR incentives overview
  • Risk analysis attestation
  • HIPAA Security Rule risk analysis and risk management requirements overview
  • Review of risk analysis methodology (step-by-step)
  • Review of an risk analysis policy and procedure
  • Evaluation of existing controls
  • Likelihood and Impact
  • Risk Level Assignment
  • Mitigation and Documentation
  • Risk Management
  • Resources

Who Will Benefit:
  • Health Care Professionals
  • Practice and HIM Management
  • CIOs
  • Privacy Officers
  • Security Officers
  • Risk Managers
  • Compliance Officers
  • Legal Counsel
  • Human Resources

Speaker Profile
Chris Apgar , CISSP, CEO and President of Apgar & Associates, LLC and former HIPAA Compliance officer for Providence Health Plans, is a nationally recognized information security, privacy, national identifier, HIPAA & electronic health information exchange expert. He has over 13 years of experience assisting health care organizations comply with HIPAA, HITECH and other privacy and security regulations. Mr. Apgar also has assisted health care, utilities and financial organizations implement privacy and security safeguards to protect against organizational harm and harm to consumers.

Mr. Apgar is a member of the Workgroup for Electronic Data Interchange (WEDI) Board of Directors member and has served on the Board for more than six years. Mr. Apgar continues to Chair the Oregon & SW Washington Healthcare, Privacy and Security Forum for the 12th year. Mr. Apgar recently joined the State of California Office of Privacy Protection project team charged with developing educational material for health care providers, health plans and consumers regarding medical identity theft and prevention. He is also a member of the Oregon Prescription Drug Monitoring Program Advisory Commission.

Apgar & Associate, LLC clients range from small to large health plans, providers, healthcare clearinghouses, vendors, non-profits, government agencies and health care associations. He has been endorsed by the Oregon Medical Association to assist members with privacy, security and regulatory compliance. Mr. Apgar is also a nationally known speaker and author. More information about Mr. Apgar and Apgar & Associates, LLC can be found at

You Recently Viewed