Understanding and Administering the Employer’s HIPAA Related Security Risk Analysis Requirement

Please feel free to save or share this link to refer back to this offering. For in depth information or for scheduling, please visit the activity site directly as detailed in the activity description.
07 May

Understanding and Administering the Employer’s HIPAA Related Security Risk Analysis Requirement

Understanding and Administering the Employer’s HIPAA Related Security Risk Analysis Requirement

Tuesday, May 7, 2024 (12:00 AM to 11:59 PM)
1 PDCs
Provider: Baldwin Risk Partners
Course Name: Understanding and Administering the Employer’s HIPAA Related Security Risk Analysis Requirement

Speaker: Natashia Wright & Jason Sheffield
Program Type: Videoconferences, webcasts, audiocasts, podcasts, eBooks, self-directed E-Learning
Registration URL: https://bks-partners.zoom.us/webinar/register/WN_ZOxDhZDBSUyQtpazYMv0hw#/registration

Email Details

1. Learn and understand the security risk analysis requirement’s role in assuring comprehensive Security Rule compliance assuredness and the development of agency audit related defensive strategies for a covered entity. 2. Distinguish between the risk analysis and risk management phases of the security risk analysis operational process, demonstrating an understanding the underlying elements of both operational phases of the analysis. 3. Learn and understand successful utilization of the Security Risk Analysis Tool, as developed and maintained by the US Department of Health and Human Services. 4. Develop the skills and knowledge necessary to adequately oversee the development of the covered entity’s security risk analysis, including a comprehensive evaluation of the satisfaction of HIPAA’s technological, physical, and administrative safeguards. 5. Learn the security risk assessment lifecycle in order to demonstrate an understating the when, the why, and the how of a successful security risk analysis operation.

You're Registered!
HIPAA covered entities have a range of privacy and security related compliance obligations. Beginning with publication of the 2013 HIPAA Omnibus Rule, the US Health and Human Services Department commenced the first HIPAA audit program. This was the first time HIPAA covered entities could face repercussions for failing to comply with HIPAA’s administrative simplification provisions on a pre-emptive (or pre-breach) basis. For the first time, actionable HIPAA related compliance failures no longer required actual breach or identification of specific resulting harms. Instead, an employer’s mere failure to perform the HIPAA administrative simplification guidelines now serves as an adequate basis for the agency to exercise its enforcement jurisdiction to audit and penalize a non-conforming employer plan sponsor. Of the many administrative simplification mandates, perhaps the most complex is the HIPAA security risk analysis requirement. Successful performance requires the performance of a comprehensive review and analysis of the organization’s global security management processes, including an expansive internal audit and evaluation the performance of the underlying Implementation Specifications, including administration of various technological, physical, and administrative safeguards. Ranging from encryption and decryption, access management, physical facility access, and ensuring end user authentication procedures, to HIPAA training, officer appointments, and adoption of sanctions policies for non-conforming workforce members, these rules constitute an A-to-Z compliance model for successful security preparedness operations. Join us for this important broadcast and explore the performance of these complex requirements, including development of the resulting, and required, security risk analysis report (also referred to as the employer’s “audit ready report”).