MedTech I.Q.

The Cutting Edge of Medical Technology Content, Community & Collaboration

Carrying out a HIPAA and HITECH risk analysis

The importance of conducting a risk analysis updating it can be gauged from the fact that failure to conduct a written risk analysis qualifies as “willful neglect”, which carries the highest Civil Money Penalty (“CMP”). This cannot be waived by the DHHS unlike violations that happen due to a reasonable cause.

Since risk analysis is a required implementation specification under the Security Rule, failure to do one amounts to willful neglect. If the civil money penalties for not doing a risk analysis were high enough; consider the costs associated with remediation: Blue Cross Blue Shield of Tennessee not only had to pay the $1.5 million settlement, but also incurred $17 million in remediation costs-costs that might have been avoided had it done an updated risk analysis. Other seven-figure settlements involved failure to do the required initial risk analysis.

Risk analysis is at the core of HIPAA and HITECH

So, it needs to be understood that risk analysis is at the core of HIPAA & HITECH. MentorHealth, a leading provider of professional trainings for the healthcare industry, will be explaining the importance of risk analysis to HIPAA and HITECH at a webinar it is organizing. Jonathan P. Tomes, J.D., a health care attorney and partner in the law firm of Tomes & Dvorak, Chartered, will be the speaker at this webinar.

To gain understanding of how to carry out a risk analysis for HIPAA and HITECH, please register for this webinar by visiting

This webinar will teach participants the proper ways of performing a HIPAA & HITECH Act Risk Analysis. Jonathan will help participants understand the nature, scope and methodology behind risk analysis.

He will cover the following areas during this session:

  • What is risk analysis?
  • Why do you need to do one?
  • How to do one
  • Assemble a good team
  • Identify assets
  • Identify risks
  • Quantify risks
  • Select reasonable, appropriate, and cost effective security measures
  • Test and revise security measures
  • Particular areas to focus on (portable devices, social media, email, and the like)
  • Case study (will walk webinar attendees through the process)
  • Questions and answers

Views: 16


You need to be a member of MedTech I.Q. to add comments!

Join MedTech I.Q.

© 2018   Created by CC-Conrad Clyburn-MedForeSight.   Powered by

Badges  |  Report an Issue  |  Terms of Service