Introduction

The Problem Solved by this Webinar

The HIPAA Rules require Covered Entities and Business Associates to do Risk Analysis and Risk Management (RA-RM). But the Rules do not explain how to do RA-RM. Five years after RA-RM became mandatory, OCR published guidance directing that organizations subject to HIPAA compliance should follow the RA-RM process developed by the National Institute of Standards and Technology (NIST).

This webinar clearly explains how to do HIPAA RA-RM by laying out each step of the NIST RA-RM process. The steps fall neatly into three parts, concluding with an easy-to-follow demonstration. You will receive a handout illustrating all the steps. HIPAA RA-RM is easy to do step-by-step – when you know the steps.

Important Considerations

OCR regularly publishes Resolution Agreements following investigations of HIPAA violations by organizations due to Risks that should have been identified and could have been managed by a proper Risk Analysis. OCR consistently calls Risk Analysis the foundation of every HIPAA Compliance program. RA-RM failures by large and small organizations have caused the private health information of hundreds of millions of Americans to be stolen. 

RA-RM Federal Audit

On December 17, 2020, OCR published shocking results of its Phase 2 HIPAA Compliance Audits. Each covered entity and business associate knew they were short-listed to be audited. Well in advance of the audit, OCR provided the exact questions they would be asked and the documents they would be required to show. Nevertheless, the audit found:

  • 86% of covered entities and 83% of business associates failed the Risk Analysis Audit
  • 94% of covered entities and 88% of business associates failed the Risk Management Audit

Areas Covered In The Webinar

OCR Guidance – Risk Analysis and integrated Risk Management process

  • OCR Reliance on NIST Procedures – the standard for best practices
  • NIST Sources – HIPAA RA-RM and NIST Risk Management Framework

OCR Audit – National Crisis – Widespread Failure to do RA-RM

  • Inexcusable, Unnecessary and Dangerous  

OCR/NIST HIPAA RA-RM Process explained simply – It’s just a 3 Act Play

  • Act 1 – Setup – Risk Analysis
  • Assemble Information – Identify, Document and Assess level of Risks
  • Act 2 – Confrontation – Risk Management – Documented Actions to Manage Risks
  • Act 3 – Resolution – Risk Management Program – Focused on your Organization’s Risks – Documented and Active 

How to do OCR/NIST RA-RM demonstrated Step-by-Step


Why should you attend?

Failure to do HIPAA RA-RM puts your organization in grave danger. This webinar will show you how to do a complete HIPAA RA-RM step-by-step and how easy it is to follow those steps when they are explained. You should attend this webinar to learn why you must worry about not doing a HIPAA RA-RM properly – and how you can stop worrying by simply doing a HIPAA RA-RM as required every year.

Minimum management practices, business ethics and Federal Law demand that Covered Entities and Business Associates, regardless of size, examine all protected health information (PHI) they hold to identify and assess the specific privacy and security Risks to their PHI. Then – and only then – can they address serious threats to their financial well-being and reputation by developing and implementing effective HIPAA compliance policies, procedures and training to manage their organization’s PHI privacy and security Risks. 

This webinar demystifies HIPAA RA-RM for every organization, regardless of size or previous experience and training.

Who Will Benefit

All Health Care Covered Entities

  • Practice Managers – Covered Entities
  • HIPAA Compliance Officials – Privacy and Security Officers
  • Patient Engagement Officials
  • Health Information Technology Supervisors
  • Risk Managers – Covered Entities
  • Health Care Providers practicing as individuals or in small groups
  • Group Health Plan Administrators
  • Third Party Group Health Plan Administrators
  • Covered Entity Senior Management and Owners
  • Attorneys for Covered Entities – In-house and Outside Counsel
  • Compliance Committee – Covered Entity Board of Trustees
  • C-Suite Executives – all Covered Entities
  • Chief Compliance Officer – all Covered Entities

All Business Associates including:

  • Billing and Coding companies
  • Practice Management Companies and IT Vendors
  • Data Storage firms (electronic and paper)
  • Secure and unsecure providers of PHI Email and Text Message services
  • Vendors of patient satisfaction surveys
  • Law Firms representing Health Care Providers & Business Associates 

ENROLLMENT OPTIONS

On Demand

Paul Hales, J.D. is widely recognized for his ability to explain HIPAA Rules clearly in plain language. He is an attorney licensed to practice before the Supreme Court of the United States, a graduat

Paul Hales