The Security Risk Assessment - Why Should it be done, and How Best to do it!

Duration: 60 Minutes
Instructor: Stanley Nachimson
Webinar Id: 801558



In this webinar you will learn how to prioritize your risks and remediation. The risk assessment is the backbone of any successful security program in a health care entity.


A risk assessment is the first step for any organization to take in developing its plan to protect its health care data and systems.

It is a thorough analysis and categorization of the organization's data, computer software, hardware, physical location, and employee access and responsibilities. In a detailed step-by-step process, each of these areas is catalogued, and then potential vulnerabilities are identified, along with the impact of each vulnerability and its likelihood of happening.

The costs of each vulnerability, as well as the potential costs to remediate it, must also be determined. Given this information, the organization can then make good decisions on what type of security program is necessary, how it fits within the organization's budget, capabilities and strategic plan, and what the next steps are.

Why should you Attend: How do you know your entity is protected against security threats, computer viruses, data breaches, and shutdowns? Where do you even start? The risk assessment is the basis for all of your security plans, procedures and policies. Without such an assessment, you do not know what data and systems are at risk, what you currently have in place, and where you may be vulnerable.

You may not even know where to start. And you are at risk of HIPAA violations and of losing CMS funding for your Electronic Health Record activities. Any entity that has not done risk assessments on a regular basis (at least once a year) has an issue and should be listening to this webinar.

Areas Covered in the Session:

  • Definition of Risk Assessment
  • Federal Regulatory and Compliance Requirements for the Assessment
  • Identifying what Needs to be Assessed
  • Defining the Data that an Organization Holds
  • Looking at Internal Systems
  • Identifying Vendors and Partners and their Risks
  • Risk Assessment Tools
  • How to Prioritize your Risks and Remediation

Who Will Benefit:
  • Security
  • Privacy Officers
  • CIOs
  • CSOs
  • Physician Office Managers
  • Health Care Provider Managers

Speaker Profile
Stanley Nachimson is principal of Nachimson Advisors, a health IT consulting firm dedicated to finding innovative uses for health information technology and encouraging its adoption.

The firm serves a number of clients, including the Cooperative Exchange, EHNAC, and InstaMed. Stanley is focusing on assisting health care providers, vendors, and plans with understanding the regulatory environment, assisting in implementation of regulation requirements, and providing advice on HIT industry status and trends. Stanley is the author of the authoritative paper on the cost of ICD-10 for physician practices, and is an active member of HIMSS, WEDI, and X12.

Stanley served for over 30 years in the US Department of Health and Human Services in a variety of statistical, management, and health technology positions. His last ten years prior to his 2007 retirement were spent in developing HIPAA policy, regulations, and implementation planning and monitoring, beginning CMS’s work on Personal Health Records, and serving as the CMS liaison with several industry organizations, including WEDI and HITSP. He brings a wealth of experience and information regarding the use of data, standards and technology in the health care industry.
