Overview:
The Risk Assessment required by the HIPAA Security Rule is often overlooked, misunderstood, or seen as too complex to even find a starting point. Some organizations find out that, although they brought in a third-party auditor to do an "IT network assessment", they did not actually end up performing a full-blown risk assessment.
The webinar will go over what it takes to perform a risk assessment and be in a position where you are continuously updating it.
Sometimes there is confusion between risk analysis and risk management, but it is important to understand the differences between the two and why both are required. We will look at the importance of having a solid Risk Management Plan and how to use that plan to drive your risk assessment. In addition, understanding the differences between risk, threats and vulnerabilities, and how they apply to your organization, is a critical first step to help guide your assessment.
We will also look at the eight risk analysis and three risk management steps as outlined by CMS. When OCR comes knocking on your door and asks, "What is your risk assessment methodology?", how could they dispute your use of the methodology provided by CMS?
By the end of the webinar, you will have the steps necessary to create a risk management plan that will guide you through how to implement the eight risk analysis steps. Then we will look at what the mitigation plan is and how you can use it to help prove not only that you have done a risk assessment, but also that you are actively working towards remediating the threats and vulnerabilities discovered.
Why Should You Attend:
What is the first thing that the Office of Civil Rights asks for when they show up at your door to investigate a breach? The organization's Risk Management Plan and your most recent Risk Assessment. Surprisingly, some of the largest organizations that got breached could not produce either. Guess what? They ended up with millions of dollars in fines and penalties.
Have you collected money for Meaningful Use in the past? For each provider, you are asked if you have performed a risk assessment. For many organizations this box was checked, but then during a post-breach investigation none could be produced. Guess what happened to them? They were required to return the money collected from the Meaningful Use attestation for each provider and in some cases were charged with fraud.
The time is now to either perform your first risk assessment or brush off the cobwebs and get it updated. This webinar will teach you everything you need to know to get started.
Areas Covered in the Session: