Last year, several high-profile security incidents occurred at healthcare organizations where a HIPAA Risk Assessment (HSRA) had previously been conducted. This should provoke some pointed questions: Was the HSRA comprehensive enough? Was the remediation plan implemented correctly and in a timely manner? Was an ongoing process of risk management adopted? In this webinar, attendees will learn why HSRAs are a necessary but not sufficient part of maintaining the security of protected health information (PHI).
What qualifies as a comprehensive HIPAA risk analysis?
Learn why HIPAA Risk Assessments are necessary but not sufficient.
What are the elements of an ongoing security risk management program?
What else can be done to lower the risk of hacking incidents?
HIPAA Risk Assessments are a valuable component of a healthcare organization's information security program. They fulfill a mandatory requirement of the HIPAA Security Rule, the Omnibus Rule, and, where applicable, the EHR Meaningful Use Incentive Program. Compliance, however, is not synonymous with security.
The purpose of an HSRA is to identify threats and vulnerabilities. But without a comprehensive remediation plan and ongoing risk management, the HSRA itself is of little value. Further, many HSRAs are too limited in scope, focusing only on policies or "low-hanging fruit" while ignoring more critical and complex risks.
From 2010-2013, the vast majority of breaches of PHI resulted from lost or stolen portable devices. In 2014, the landscape changed. Hackers went on the attack, attracted by the high value of PHI data stores. Millions of health records were stolen. Hackers typically exploit vulnerabilities in the network infrastructure or in web applications. In addition, individual credentials are often compromised through "phishing" email attacks. Were these risks identified in your HSRA?
In this webinar, attendees will learn how these critical risk factors can be reduced through penetration testing, web application assessments, social engineering testing, and security awareness training.
Learn why HIPAA compliance isn't everything.
Better understand the IT threat landscape.
Determine your organization's level of "security readiness."
Discover new security tactics for lowering your risk of a PHI data breach.
Berger is the President of Redspin (an Auxilio company), an IT security assessment company in Santa Barbara, CA. Under Berger's leadership, Redspin has become the leader in healthcare IT security, providing HIPAA risk analysis services to 135 hospitals, nearly 1,000 clinics, and many business associates. He is also the author of Redspin's annual "PHI Breach Report," a widely-cited resource on healthcare data breaches and their causes. In 1996, Berger received a commendation from the Oklahoma City Department of Health for his participation in a conference on "The Role of Technology in Disaster Preparedness." He is an honors graduate of Colby College in Waterville, ME.