How to Perform a HIPAA Risk Assessment and Write Policies
|Speaker||:||Brian L Tuttle|
The Feds have increased the civil monetary penalties on practices that are not HIPAA compliant. Practices have been hit hard with fines as high as $1,500,000 for HIPAA breaches, and the Agency is getting ready to announce its next big round of audits (Phase 2). And the #1 area for non-compliance is a lack of a documented risk assessment plan.
Have you ever done a HIPAA Risk Assessment? Do you know a risk assessment is the first thing the Feds will ask for in an audit? Is your risk assessment adequate? Do you have written policies in place for every single one of the implementation specification of the HIPAA Security Rule (even ones that don't apply) - do you know this is required!! This webinar will show you how to conduct a proper risk assessment point by point and how to also avoid scams in the market. The speaker has worked on behalf of the Federal government as a contracted auditor and has a unique perspective on this.
We will also be discussing the absolute importance of doing a risk assessment and that this is the first thing the OCR will ask for. The speaker will instruct the listeners on how to write proper policies and procedures which are to be based upon the findings of the risk assessment and how to word the policies to satisfy the Fed. We will also discuss the importance of having policies which are consistent with your procedures and also discuss the negative ramification of cookie cutter templates in the eyes of a federal auditor.
Why Should You Attend:
This course will cover the proper methodologies on conducting a HIPAA Risk Assessment based on the formula used by Federal auditors and via the guidelines of the NIST (National Institute of Standard for Technologies). The course will also cover the most important aspects to be aware of in terms of the Federal auditing process as well as the new risks regarding patients suing for wrongful disclosures.
Objectives of the Presentation:
Attending Brian's training session will provide you with a clear HIPAA compliance path. You'll also have confidence that you're protected against the hassle of a HIPAA audit, and the potential fines and penalties that could follow. Specifically, after attending this webinar, you'll be able to:
- Reduce your chances of being audited by successfully completing a HIPAA risk assessment
- Dispelling myth vs reality
- Understanding each part of the HIPAA Security Rule
Areas Covered in the Session:
- NIST based risk assessment - how to conduct and resourced
- Policies and procedures
- Risk assessment - is not a once and done, must be ongoing and typically annual
- Where to find templates for risk assessment
- How to avoid scams in the market
- Business associates and the increased burden
- How to write policies and procedures based on risk
- Updates for 2019
Who will Benefit:
- Practice Managers
- MDs and other Medical Professionals
- Business Associates
- Compliance Directors
- Privacy/Security Officers
- CIO/Information Systems Managers
- HIPAA Officers
- Health Information Managers
- Healthcare Counsel/Lawyers
- Contracts Managers
- Any business associates who work with medical practices or hospitals (i.e. billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc.)
Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting. Mr. Tuttle has worked with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions). Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States.