OCR Compliance Plus - Step-by-Step HIPAA Risk Analysis & Risk Management

Date: Tuesday, August 10, 2021
Time: 10:00 AM PDT | 01:00 PM EDT
Duration: 90 Minutes
Instructor: Brian Tuttle
Webinar Id: 20406

Live
  • $149 - One Attendee
  • $299 - Unlimited Attendees

Recorded
  • $199 - One Attendee
  • $399 - Unlimited Attendees

Combo (Live + Recorded)
  • $299 $348 - One Attendee
  • $599 $698 - Unlimited Attendees

Overview:

Risk Analysis and Risk Management (RA-RM) are OCR's top enforcement priority and the basis for every HIPAA Compliance program.

However, the biggest and most important nationwide HIPAA violation is failure to perform RA-RM in compliance with OCR requirements. OCR published shocking results of its Phase 2 HIPAA Compliance Audit on December 17, 2020 revealing that:

  • 86% of covered entities and 83% of business associates failed the Risk Analysis Audit
  • 94% of covered entities and 88% of business associates failed the Risk Management Audit

They failed despite the fact that they had been provided with all the audit questions and a list of the documents they would be required to provide well in advance and knew they were short-listed to be audited! The HIPAA Rules do not explain the procedures required to perform RA-RM. However, OCR issued guidance explaining the required steps with specific reference to procedures created by the National Institute of Standards and Technology (NIST) and published in manuals that are free to download. The problem many encounter is that NIST manuals, created by its Computer Security Division, are lengthy and technical. This webinar explains, step-by-step, the exact RA-RM procedures OCR requires using NIST methodology and NIST defined terms such as Risk, Threat, Vulnerability, Impact and Likelihood. The steps are easy to follow when you know the steps.

But there is more - that is why the webinar is titled OCR Compliance Plus.

While RA-RM required by the HIPAA Security Rule applies only to Protected Health Information (PHI) that is transmitted or maintained Electronically (EPHI), the NIST procedures are easily applicable to PHI in any form or format. And every organization has that kind of PHI, for example paper records, forms, schedules, etc.

This webinar explains how to protect your organization by identifying the risks and managing those risks to all PHI in every form and format. It will turn HIPAA RA-RM mystery into mastery.

You'll learn how to perform the steps and create the documentation you need to pass an OCR audit. Most important, however, you'll see how to identify and manage Risks to the Privacy and Security of protected health information (PHI) maintained and transmitted in any form that seriously endanger your organization's well-being.

You'll see HIPAA RA-RM is easy to do step-by-step - when you know the steps.

Why you should Attend: Failure to do HIPAA RA-RM puts your organization in grave danger. This webinar will show you how to do a complete HIPAA RA-RM step-by-step and how easy it is to follow those steps when they are explained.

You should attend this webinar to learn why you must worry about not doing a HIPAA RA-RM properly - and how you can stop worrying by simply doing a HIPAA RA-RM as required every year.

Areas Covered in the Session:
  • HIPAA RA-RM in 3 Acts
    • Act 1 - Setup - Risk Analysis
    • Assemble Information - Identify, Document and Assess level of Risks
    • Act 2 - Confrontation - Risk Management - Documented Actions to Manage Risks
    • Act 3 - Resolution - Risk Management Program - Focused on your Organization's Risks - Documented and Active
  • Realistic understanding of the danger senior management, owners and organizations face if they fail to do HIPAA RA-RM
  • Clear, easy to understand explanation of HIPAA Risk Analysis and Risk Management following NIST procedures demonstrated onscreen by illustrations from interactive software based on NIST procedures interlinked with HIPAA standards, implementation specifications and compliance policies and procedures
  • How administrative staff of Covered Entities and Business Associates of any size can complete a HIPAA RA-RM efficiently every year with step-by-step guidance even if they have never done one before

Who Will Benefit: All Health Care Covered Entities
  • Practice Managers - Covered Entities
  • HIPAA Compliance Officials
  • HIPAA Privacy Officers
  • HIPAA Security Officers
  • Patient Engagement Officials
  • Health Information Technology Supervisors
  • Risk Managers - Covered Entities
  • Health Care Providers practicing as individuals or in small groups
  • Group Health Plan Administrators
  • Third Party Group Health Plan Administrators
  • Covered Entity Senior Management and Owners
  • Attorneys for Covered Entities - In-house and Outside Counsel
  • Compliance Committee - Covered Entity Board of Trustees
  • C-Suite Executives - all Covered Entities
  • Chief Compliance Officer - all Covered Entities

All Business Associates
  • Billing and Coding companies
  • Practice Management Companies
  • IT Vendors
  • Data Storage firms (electronic and paper)
  • Secure and unsecure providers of PHI Email and Text Message services
  • Vendors of patient satisfaction surveys
  • Collection Agencies
  • Law Firms representing Health Care Providers & Business Associates

Speaker Profile
Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 18 years' experience in Health IT and Compliance Consulting.

With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 18 years' experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.

In addition, Mr. Tuttle has served in multiple litigated court cases as an expert witness offering input related to best practices and requirements for securing and providing patient access to protected health information. Mr. Tuttle has also worked directly with the Office of Civil Rights (OCR) both in defending covered entities and business associates as well as being asked by the Federal government to audit covered entities and business associates on behalf of the OCR. Almost all of Brian's clients are earned by referral with little or no advertising.

Brian is well known and highly regarded in medical circles throughout the United States for his quality work and down-home southern charm. Mr. Tuttle has a Master's Degree in Health Sciences from Georgia State University and works nationally out of Kennesaw, GA.

