Effective Risk Analysis for HIPAA Covered Entities and Business Associates

Why Should You Attend:

• Have you identified the e-PHI within your practice? This includes e-PHI that you create, receive, maintain or transmit.
• What are the external sources of e-PHI? For example, do vendors or consultants create, receive, maintain or transmit e-PHI?
• What are the human, natural, and environmental threats to information systems that contain e-PHI?
• Do you want to attest to EHR incentive program by completing your security risk analysis?

The primary objective of this 60 minute webinar is to help your organization identify the key vulnerabilities in ePHI and EHR systems by reviewing the steps required to complete the security risk analysis and successfully attest to Meaningful Use incentive program. The presenter will guide you through the requirements for a HIPAA risk analysis as specified by the OCR, with clear explanation of each. We will outline a easy-to-follow method to complete a risk analysis. You will also learn about practical tools and resources for conducting and documenting a risk analysis.

Areas Covered in the Webinar:

• A clear understanding of a risk analysis and requirements under HIPAA/HITECH
• How to inventory ePHI, map out systems in scope, identify and prioritize risk
• An easy to follow method to complete a risk analysis
• The most efficient processes to minimize time and maximize effectiveness
• Learn about practical tools and resources for conducting and documenting a risk analysis
• The most common threats and vulnerabilities to ePHI - and cost effectives ways to protect it

Who will benefit:

This course will benefit medical offices, practice groups, hospitals, academic medical centers, insurers and business associates (shredding, data storage, systems vendors, billing services, etc). The following personnel will find this session valuable:

• Compliance director
• CEO
• CFO
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager

Instructor Profile:

Keith Mattox, is a Senior Consultant at Clinical Security, LLC. Mr. Mattox has ten years’ experience as a consultant providing information security and compliance solutions. As a program manager with 25 years of IT experience, he has led the development and implementation of information security and compliance programs for financial institutions, pharmaceutical companies and healthcare organizations.

Mr. Mattox most recently served as a security consultant for a de novo internet bank and as the interim CISO for a large county hospital system. He is based in Raleigh, North Carolina.

Mr. Mattox is a Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP) and Certified HIPAA Professional (CHP.

His areas of specialization include:

• Information security policy, procedures, and standards
• Security awareness and privacy development and program management
• Security training needs and gap analysis
• 3rd party assessments and compliance reviews
• Project and program management
• Information security risk management

Mr. Mattox is affiliated the Project Management Institute, the International Information Systems Security Certification Consortium ((ISC)2), the Information System Security Association (ISSA), Information Systems Auditing and Control Association (ISACA), and Infragard.

Follow us :