Beyond HIPAA Risk Assessments: Added Measures for Avoiding PHI Breaches

Last year, several high-profile security incidents occurred at healthcare organizations where a HIPAA Risk Assessment (HSRA) had previously been conducted. This should provoke some pointed questions: Was the HSRA comprehensive enough? Was the remediation plan implemented correctly and in a timely manner? Was an ongoing process of risk management adopted? In this webinar, attendees will learn why HSRAs are a necessary but not sufficient part of maintaining the security of protected health information (PHI).

  • What qualifies as a comprehensive HIPAA risk analysis?
  • Learn why HIPAA Risk Assessments are necessary but not sufficient;
  • What are the elements of an ongoing security risk management program?
  • What else can be done to lower the risk of hacking incidents?

Background

HIPAA Risk Assessments are a valuable component of a healthcare organization's information security program. They fulfill a mandatory requirement of the HIPAA Security Rule, Omnibus Rule, and where applicable, the EHR Meaningful Use Incentive Program. Compliance, however, is not synonymous with security.

The purpose of an HSRA is to identify threats and vulnerabilities. But without a comprehensive remediation and ongoing risk management plan, the HSRA itself is of little value. Further, many HSRAs are too limited in scope, focusing only on policies or "low-hanging fruit" while ignoring more critical and complex risks.

From 2010 to 2013, the vast majority of breaches of PHI resulted from lost or stolen portable devices. In 2014, the landscape changed. Hackers went on the attack, attracted by the high value of PHI data stores. Millions of health records were stolen. Hackers typically exploit vulnerabilities in the network infrastructure or in web applications. In addition, individual credentials are often compromised through "phishing" email attacks. Were these risks identified in your HSRA?

In this webinar, attendees will learn how these critical risk factors can be reduced through penetration testing, web application assessments, social engineering testing, and security awareness training.

  • Learn why HIPAA compliance isn't everything;
  • Better understand the IT threat landscape;
  • Determine your organization's level of "security readiness";
  • Discover new security tactics for lowering your risk of a PHI data breach.
