With HIPAA Final Omnibus Rule in full effect, Covered Entities and Business Associates and their subcontractors—effectively all entities that create, receive, maintain or transmit electronic Protected Health Information—are statutorily obligated to comply with the HIPAA Security Rule requirement to complete a formal, periodic HIPAA Security Rule compliance evaluation.  This session will present strategies to help organizations from the largest CEs and BAs (e.g., hospitals, insurers, care management firms, etc) to the smallest BAs and subcontractors (e.g., small medical practices, clinics, dental offices, medical billing companies, IT companies, etc.).  You will receive practical, actionable advice and approaches to assessing your security compliance program as well as the actual security it provides your data.

—

 Learning Objectives:

• Examine the OCR audit protocols which describe what the OCR would be looking for
•   Discover how to evaluate your compliance with the law
•   Identify practical, actionable steps to take today to mitigate risk and help assure compliance

Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US, CEO, Clearwater Compliance LLC