HIPAA Security Risk Analysis, Policies and Procedures: Making Sure You Find Risks to Health Information
HIPAA has been a law for more than twenty years now, and the rules in place call for extensive policies and procedures to ensure compliance with the HIPAA Security Rule. But not all entities have done the work necessary to conduct an accurate and thorough assessment of the risks to the security of Protected Health Information (PHI), and develop and implement their security policies and procedures. Even if they have all the best practices in place, entities must have the supporting policies and procedures to ensure consistency in service and compliance with the law, and they need to be aware of the risks they face and be ready to respond to changes in the risk landscape.
This session will focus on the conduct of an information security risk analysis, as required under the HIPAA Security Rule, and on the development and implementation of the policies and procedures necessary for HIPAA Security Rule compliance. Suggested ways a risk analysis may be conducted, and the tools that may be used, will be explored. The necessity of undertaking an information flow analysis to find risks will be explained. Identified risks must be managed, and the means to do so using a set of spreadsheets in a workbook will be described.
The program will discuss the requirements and the issues involved with HIPAA security risk analysis, policies, and procedures, and help define the path entities can follow to bring their compliance up to the level at which it should be today.
Compliance officers, privacy and security officers, health information management leadership and staff, information security staff, and patient relations staff, as well as staff in patient intake and front-line patient relations, should attend. Others interested in or responsible for patient communications, information management, and the privacy and security of protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) should also attend.
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous national healthcare association conferences and conventions, and the annual NIST/OCR HIPAA Security Conference. Jim has more than 16 years of experience specializing in HIPAA compliance, more than 34 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience as a Vermont certified volunteer emergency medical technician. Jim has no real or perceived conflicts of interest that relate to this presentation.