"Have you ever wondered what professional events are going on around the Greater Boston area? We list some of the important events for networking, technology training, entrepreneurial, product launches, conferences, trade-shows etc. The calendar includes events in life sciences, clean energy, technology, business, finance, legal, media etc that happen locally each week".
Boston Events List
Join our facebook, follow us on twitter, join our linkedin group
A new focus on audits and enforcement at the US Department of Health and Human Services brings new urgency to HIPAA compliance. Not only the HIPAA regulations but also the regulations to receive funding for Meaningful Use of EHRs require performing a HIPAA Security Risk Analysis. But a risk analysis is a lot more than just something you have to do to be in compliance, it is also a process that makes it easier for you to know what are the priorities for risk mitigation and planning, and helps you with every day decisions about how to implement details of the regulations. Developing a risk analysis frame of mind can be very helpful in reducing the uncertainty in day-to-day compliance decisions, and can expedite responses to events such as audits and breaches. This session will help you understand how best to incorporate risk analysis into your every day decision making as well as how to conduct a formal risk analysis to meet HIPAA requirements and help you prepare for audits and breaches.
Description of the topic :
• Health Care entities are subject to a number of standards and regulations that require them to assess the risks to the personal and private information of their patients and take steps to reduce those risks where they can. In particular, the HIPAA Security Rule requires a thorough and complete risk analysis as part of a risk management program. In addition, if health care providers want to receive funding from the Federal government for the adoption of Electronic Health Records, one of the required standards for meaningful use is to protect the privacy and security of patient information by performing a risk analysis consistent with the requirements of the HIPAA Security Rule. And, new enforcement regulations for HIPAA include significant penalties starting at $10,000 for willful neglect of compliance, so even if a HIPAA covered entity doesn’t want to accept funding for adopting an EHR, it risks significant penalties if it hasn’t performed a proper security risk analysis. If a healthcare organization hasn't yet performed an information security risk analysis, the time is now.
• This session will present the background of the regulations and standards that call for information security risk analysis and show how it fits in to an overall information security management process. The risk analysis process will be presented within the context of the overall risk prioritization and risk mitigation process, using an example carried through the discussion.
Q/A Session with the Expert to ask your question
PDF print only copy of PowerPoint slides
90 Minutes Live Presentation
Areas Covered in the Session:
• Find out what are rules on information security risk analysis that health care providers must follow, why they are important, and what the penalties are for not complying, including the new penalties for willful neglect of compliance, which begin at $10,000.
• See how the risk analysis requirement for meeting the privacy and security objective of meaningful use, necessary for federal funding, fits in with HIPAA compliance.
• Learn what steps to follow in the discovery and organization of information needed for the risk analysis.
• Find out what are the most significant risks a health care organization faces and how they can be mitigated.
• Learn a methodology for working through the risk analysis information to discover security strengths and weaknesses and develop a list of priorities for improving security compliance.
• Discover that staff need not be technicians in order to perform a useful risk analysis.
• Discover that a risk analysis can be useful for guiding decision-making for appropriate policies and procedures, and security investments.
Who will benefit: (Titles)
Information Systems Manager
Chief Information Officer
Health Information Manager
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of Virginia, New York City, New York State, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.