Security Risk Assessment, What it is and How to Conduct One
July 9, 2015 - Online event CA USMentorHealth
support@mentorhealth.com
Phone:8003851607
Fax:302-288-6884
Overview: In this session we will demystify the reasons to and the process of conducting a Security Risk Assessment ("SRA"). Starting with a discussion of the implications of not conducting an SRA you will understand the liability landscape presented by a variety of governmental agencies. We will then move on to present the impact the SRA has on your revenue cycle, and the operation of your practice. We will discuss how your SRA impacts your web presence, your Business Associates, and other organizations you and your practice work with, including billing companies, durable medical equipment suppliers ("DME"), volunteers, attorneys and accountants. We will then explain the why the SRA is the cornerstone of your HIPAA compliance program and how to conduct one per the requirements of the HIPAA/HITECH regulations. At the end of this session the attendee will understand how the SRA fills a role in determining what constitutes HIPAA compliance, and how to understand what is really meant by the terminology commonly encountered, and misunderstood, when discussing the components of the SRA. We will discuss major areas of the SRA; the Technical, Physical and Administrative Safeguards, in such a way that the attendee will understand what they mean and how to address them. We will cover a couple of specific ambiguities and discuss some examples encountered in the SRA. We will explain and demonstrate how to work through the ambiguities, and draw a conclusion that allows you to take defensible action. In this section we will show you what reference materials are available, and work through at least one example of an ambiguity, and show you how to reach defensible solution. We will also explain what constituted a defensible solution and why it is important. We will cover the concepts and terms encountered when discussing the SRA; what the SRA, actually, is and what are you obligations under HIPAA. We will discuss the misconceptions around terms such as the Security and Privacy Regulations, what do Technical, Administrative and Physical Safeguards really mean. We will cover the ramifications of not complying with HIPAA requirements for an SRA when you have a reported breach, and discuss why having completed the SRA is only the beginning of the process, not the end. After covering the generalities, the presentation will then focus on specific concepts and terms that are common to breaches that have been reported over the last few years, and how having conducted an appropriate SRA would have prevented or minimized the impact of the breach. We will work through some of the myths encounter when discussing SRAs, explain why they exist and demystify them to give the attendee the "truth" behind these myths. As we work through the language of the RSRA, we will not discuss the terminology and concepts from a high level view, but rather with the goal of providing sufficient detail so the attendee will leave with actionable items. Finally, the objective of this presentation is not to make you an expert on conducting an SRA, and why that would be difficult, but rather give you the information you need to ask the right questions of your Chief Privacy and/or Security Officer(s), or consultant. MentorHealth Roger Steven contact no: 800-385-1607 fax no: 302-288-6884 Event Link:http://bit.ly/1Kn6j6G support@mentorhealth.com www.mentorhealth.com