HIPAA Gap Analysis, Risk Assessment and Risk Analysis

This training on HIPAA compliance will teach the attendees best practices for conducting risk assessment, gap analysis and risk analysis. Learn how to prepare the appropriate documentation to avoid enforcement action.

Why Should You Attend:

“Gap” analysis refers to analyzing the organization's information-handling practices against the requirements of HIPAA in order to identify gaps between current and required practices under HIPAA. The HITECH Act requires a “risk assessment” (CFR §164.308(a)(1)(ii)(A)) to determine security risks and implement measures “to reduce those risks and vulnerabilities to a reasonable and appropriate level. The meaningful use requirements state that eligible hospitals (EH) and eligible professionals (EP) must “conduct or review a security ‘risk analysis’ per 45 CFR 164.308(a)(1) of the certified electronic health record (EHR) technology, and implement security updates and correct identified security deficiencies as part of its risk management process.”

Attend this 90-minute webinar to learn how to properly conduct each of these functions. Learn what documentation is required, how to prepare these documents, and who should be informed. Weigh the pluses and minuses of in-house versus outsourced performance.

Areas Covered in the Webinar:

• Learn how to conduct a gap analysis
• Prepare appropriate documentation
• Generate an appropriate gap analysis ‘to-do” list
• Learn how to do a risk assessment
• Do the indicated post-risk assessment remediation
• Learn how to conduct a risk analysis per meaningful use requirements
• Prioritize and perform appropriate follow-up

Who Will Benefit:

This webinar will provide valuable assistance to any covered entity or business associate including Medical offices, group practices, hospitals, academic medical centers, insurers, law firms, accounting firms, shredding companies, data storage facilities, systems vendors, and billing services. Workforce personnel who should attend include:

• Compliance director
• CEO
• CFO
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager

Instructor Profile:

Paul Frisch, served as the General Counsel to a physician trade association for almost 25 years, until 2009. Mr. Frisch is the Compliance Services Director for Apgar and Associates, where he counsels covered entity and business associate clients nationally on issues related to HIPAA Privacy and Security Rules, including compliance strategic planning, breach investigation, risk analysis, compliance audits, and Health Information Exchange implementation.