OCR has announced that Risk Analysis and Risk Management are now centerpiece concerns and their area of focus in the next rounds of enforcement action. This isn’t really a surprise…68 percent of audited organizations in Phase 1 Audits had adverse findings related to risk analysis. And, every single organization entering into a Resolution Agreement and Corrective Action Plan after an OCR investigation was cited for failing to properly analyze and manage key security risks as specifically required under HIPAA and HITECH regulations.  Is your Risk Management plan strong enough to withstand an OCR Audit?  This session is designed to equip participants to conduct a bona fide HIPAA Security Risk Analysis and Risk Management based on the NIST framework and – just as importantly – implement a strong, ongoing Risk Management program. Attendees will leave with actionable tools to advance their information risk management programs to the next level.

—

Learning Objectives:

• Identify what true Risk Analysis and Risk Management entails, based on the explicit guidelines in from HHS/OCR and the NIST Security Framework
• Discuss how to conduct Risk Analysis and Risk Management
• Discover how to help management make informed decisions about Risk Analysis and Risk Management
• Learn how to guide the organization to a path of continuing improvement in Risk Management processes, encouraging advancement in the maturity of their Risk Management practices

Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, CEO & Founder, Clearwater Compliance LLC