BEGIN:VCALENDAR PRODID:NingEventWidget-v1 VERSION:2.0 METHOD:PUBLISH BEGIN:VTIMEZONE TZID:America/New_York X-LIC-LOCATION:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:19700308T020000 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:19701101T020000 RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU END:STANDARD END:VTIMEZONE BEGIN:VEVENT UID:2140535:Event:67224 DTSTAMP:20260521T204047Z SUMMARY:Webinar on HIPAA Security Risk Analysis Software – Not all T ools are Created Equal DESCRIPTION:Overview: Under the Health Insurance Portability and Accou ntability Act (HIPAA) Security Rule all electronic protected health i nformation (e-PHI) created, received, maintained, or transmitted by a \"covered entity\" and \"business associate\" is subject to the Securi ty Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e- PHI security and privacy is fundamenta l and paramount.\nThe Security Rule requires entities to evaluate risk s and vulnerabilities in their technology environments and to implemen t reasonable and appropriate security measures to protect e-PHI. The O ffice for Civil Rights (OCR), the security watchdog for theDepartment of Health and Human Services (DHHS), in particular, is responsible for issuing annual guidance on the provisions in the HIPAA Security Rule. 1 The OCR is also the body responsible for ensuring that covered entit ies are complying with the intent of the Security Rule. From a complia nce perspective then, it may seem especially wise to take heed to what the OCR is saying.In its first guidance released on July 14, 2010,2 t he OCR states \"A risk analysis is foundational, and must be understoo d in detail before OCR can issue meaningful guidance that specifically addresses safeguards and technologies that will best protect electron ic health information.\"In short, an information technology risk analy sis is the fundamental security cornerstone the DHHS expects covered e ntities to meet. As the OCR ratchets up its compliance activities, as it has promised to do after the passage of the Health Information Tech nology for Economic and Clinical Health (HITECH) Act, covered entities who have not conducted an adequate. A risk analysis using a risk-bas ed approach is the very foundation from which to build your informatio n security compliance program. Without this baseline, your organizatio n is swimming aimlessly.The OCR goes on to stress in its Guidance on R isk Analysis: We note that some of the content contained in this guida nce is based on recommendations of the National Institute of Standards and Technology (NIST). NIST, a federal agency, publishes freely avail able material in the public domain, including guidelines. Although onl y federal agencies are required to follow guidelines set by NIST, the guidelines represent the industry standard for good business practices with respect to standards for securing e-PHI. Therefore, non-federal organizations may find their content valuable when developing and perf orming compliance activities. So in short, OCR \"suggests\" that a cov ered entity might use the NIST risk-based approach for doing a risk an alysis. Our view is that when CMS \"suggests\" something, it very much is like God telling you to do so. \"Suggestion\" is merely loosely wo rded as an imperative. Of course, other good risk frameworks exist, su ch as Control Objectives for Information Technology (COBIT) developed by the Information Systems for Auditing and Control Association (ISACA ), or Octave developed by the CERT institute at the Carnegie-Mellon Un iversity.\nPrice : $139.00\nContact Info:MentorHealthPhone No: 1-800-3 85-1607FaX: 302-288-6884 support@mentorhealth.comEvent Link: http://bi t.ly/1P23QCAhttp://www.mentorhealth.com/\n\nFor more information visit https://medtechiq.ning.com/events/webinar-on-hipaa-security-risk-anal ysis-software-not-all-tools DTSTART;TZID=America/New_York:20151210T100000 DTEND;TZID=America/New_York:20151210T110000 CATEGORIES:online, healthcare, training, courses LOCATION:Online Event WEBSITE:http://bit.ly/1P23QCA URL:http://bit.ly/1P23QCA CONTACT:18003851607 ORGANIZER:Netzealous -MentorHealth ATTACH;FMTTYPE="image/jpeg":http://storage.ning.com/topology/rest/1.0/ file/get/2562012368?profile=original ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=ACCEPTED;RSVP=TRUE;CN="Roger St even":https://medtechiq.ning.com/profile/RogerSteven END:VEVENT END:VCALENDAR