The top takeaway from the $16 million Anthem settlement is that Risk Analysis and Risk Management are central to HIPAA compliance. Failure to complete a thorough annual Risk Analysis and follow the resulting Risk Management Plan could be fatal to your business.
Recent HIPAA audits by OCR also underscore the need to conduct a proper Risk Analysis. Unfortunately, HIPAA Rules do not explain how to do it. OCR's limited 9-page guidance document refers organizations to technical procedures in manuals created by the National Institute of Standards and Technology (NIST) Computer Security.
Division and geared to "the computer security community". Several Federal "Security Risk Assessment Tools" are available but are incomplete, cumbersome and have an explicit disclaimer - use of the tool does not guarantee compliance with federal, state or local laws.
Attend this session to learn the three components of HIPAA Risk Analysis - Risk Management, step-by-step, with the steps demonstrated and explained clearly in plain language. HIPAA Risk Analysis - Risk Management is the basis of your HIPAA Compliance Program. Federal HIPAA Risk Analysis - Risk Management procedures are easy to follow, step-by-step, when you know the steps. This webinar explains and demonstrates those steps.
Why should you Attend:
Risk Analysis - Risk Management is HIPAA Enforcement Priority #1. The Office for Civil Rights (OCR), the HIPAA enforcement arm of the U. S. Department of Health and Human Services (HHS) considers the most serious, most widespread HIPAA deficiency for Covered Entities and Business Associates - surpassing all others - is an organization's failure to perform a HIPAA Risk Analysis and implement a Risk Management program to address its Risks.
OCR recently announced alarming results of the Phase 2 Covered Entity HIPAA Compliance Audits:
- 87% of Covered Entities and 83% of Business Associates failed the Risk Analysis Audit!
- 94% of Covered Entities and 87% of Business Associates failed the Risk Management Audit!
Every audited organization knew well in advance that it was on the short list to be audited, had completed pre-audit questionnaires and knew the exact questions it would be asked and documentation to be provided (audit protocols). Even though they had advance warning most of them failed.
Areas Covered in the Session:
- What a complete HIPAA Risk Analysis - Risk Management program is and how to do one
- Cover Risk Analysis of all PHI - not just electronic PHI.
- Show you how to automate, simplify, document and complete your HIPAA Risk Analysis - Risk Management by an interactive, intuitive process that:
- Identifies and analyzes Risks to all Protected Health Information (PHI) - not just Electronic Protected Health Information (EPHI)
- Manages Identified Risks; and
- Builds your organization's site-specific, customized Risk Management Plan integrated with your HIPAA Policies and Procedures
- How to archive your Risk Analysis - Risk Management compliance for ready reference and inspection by OCR
- Conduct next year's Risk Analysis - Risk Management by simply updating interactive forms you created last year
Craft your next HIPAA Risk Analysis - Risk Management from the data entered in archive - modify and supplement with no need to start from scratch.
Who Will Benefit:
- Health Care Providers of all types - for example:
- Regional Networks of Health Centers
- Community Clinics
- Multi-Specialty Medical Groups
- Long Term Care, Assisted Living and Skilled Nursing Facilities
- Federally Qualified Health Centers
- Home Health Agencies
- Critical Access Hospitals
- Hospitals with satellite locations (Physician Groups, Imaging Centers, Physical Therapy and Wellness Centers, etc.
- Health Care Providers in small group practices such as:
- Physical Therapists
- Behavioral Health Professionals including Licensed Clinical Social Workers
- Business Associates - for example
- Medical Billing and Coding companies
- IT Vendors
- Electronic Health Record Providers
- EHR Consultants
- Practice Management Firms
- CPA and Law Firms
- Third Party Administrators - usually Insurance Brokers
- Health Care Web Site Builders
- Vendors of Healthcare Text Message and Email Communication Products like Appointment Reminders