Do you know that a HIPAA HITECH Security Risk Assessment is the first thing OCR will ask for in an audit?
A HIPAA risk assessment helps organizations pinpoint security gaps affecting the confidentiality, integrity, and availability of Protected Health Information (PHI). It also helps health care providers ensure compliance with the HIPAA Security Rule and the HIPAA Privacy Rule by assessing the effectiveness of physical, technical, and administrative safeguards. This helps covered entities proactively identify, prioritize, mitigate, manage, and remediate security breaches.
Conducting a HIPAA HITECH security risk assessment is not just about individual compliance but also collective security. Ensuring compliance with the regulatory requirements set forth by HIPAA and HITECH contributes to a collective effort to safeguard protected health information (PHI). At a minimum, a HIPAA risk assessment should be conducted once a year. It is also recommended to re-evaluate your risk status whenever new technologies are implemented, business operations undergo significant changes, the IT infrastructure undergoes significant updates, new regulations are introduced, or an incident occurs.
Session Highlights:
- Learn a step-by-step, NIST-based approach to conducting a HIPAA HITECH Security Risk Assessment, including insights into the 2025 NPRM potential changes.
- Discover the best ways to answer compliance questions confidently and accurately.
- Find out exactly who must comply with HIPAA HITECH and what that means for your organization.
- Get clear instructions on creating HIPAA Security Policies and Procedures that directly reflect your risk assessment findings.
- Learn about the unique risks facing small practices versus larger entities and how to address them.
Pay Attention To:
- Understand what the Office for Civil Rights (OCR) requires when reviewing risk assessments and policies.
- Determine if your current risk assessment is adequate, up-to-date, and comprehensive enough for your specific needs.
- Ensure your policies are written to satisfy OCR standards and appeal to potential clients.
- Receive practical, point-by-point guidance that you can immediately implement to improve your organization’s security posture.
Target Audience:
- Hospitals
- Practice managers
- Billing Companies
- Transcription Companies
- Home Health Groups
- Health Insurance
- Ambulatory
- IT Companies
- MDs and other medical professionals
Presenter Information:
Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP, is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), and Certified Information Systems Security Professional (CISSP) with over 18 years' experience in Health IT and Compliance Consulting. With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 18 years' experience in standard Health IT, multiple certifications, and hands-on knowledge, Brian serves as a compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.