How to do a HIPAA and HITECH Risk Analysis

Product Id IQW18K1103
Level Basic & Advanced
Duration 90 Mins
Schedule Thursday, November 15, 2018 | 10:00 AM PST | 01:00 PM EST


A key requirement of the HIPAA and HITECH regulations is that covered entities and business associates must conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the Confidentiality, Integrity, and Availability (CIA) of all electronic Protected Health Information (EPHI). These HIPAA and HITECH mandates require organizations to complete a comprehensive and thorough vulnerability assessment on a regular schedule.

The majority of the DHHS civil money penalties and settlements in lieu thereof involve, sometimes with other violations, failure to perform a written risk analysis. These penalties are usually in the seven-figure range. Blue Cross Blue Shield of Tennessee, for example, settled for $1.5 million for failing to update its risk analysis when its physical security situation changed. Other seven-figure settlements involved failure to do the required initial risk analysis.

Areas covered:

  • What is risk analysis?
  • Why do you need to do one?
  • How to do one
  • Assemble a good team
  • Identify assets
  • Identify risks
  • Quantify risks
  • Select reasonable, appropriate, and cost-effective security measures
  • Test and revise security measures
  • Particular areas to focus on (portable devices, social media, email, and the like)

Who will benefit:

  • HIPAA Compliance Officers
  • HIPAA Security Officers
  • HIPAA Privacy Officers
  • Human Resources Directors
  • Business Office Managers
  • Medical Records Personnel
  • Health Care Attorneys
  • Patient Accounts Managers
  • Business Associates

Jonathan P. Tomes is a national HIPAA compliance consultant and attorney admitted in Illinois, Missouri, Kansas, and Oklahoma who practices in Kansas City, Kansas, and the greater Kansas City area. After he had retired from the U.S. Army as a JAGC officer, having been a military judge (which taught him how to read and interpret government regulations) and having spent several years as a military intelligence officer (which taught him about gathering and using information), he taught law at IIT Chicago-Kent College of Law before he opened his own private law practice. Mr. Tomes is President of EMR Legal, a national HIPAA compliance consulting firm. EMR Legal has consulted and trained over 1,000 HIPAA clients since 1998, ranging from Federal, State and County governments to large hospitals to small practices. Jon is currently working on an online HIPAA training video and an online HIPAA risk assessment.
