HIPAA Risk Management: Understanding and Meeting Compliance Requirements

1
PRESENTED BY PAUL R. HALES, J.D.
Register Now
1
www.thehipaaetool.com
2
HIPAA Risk Analysis Risk Management
PAUL R. HALES ATTORNEY AT LAW Health Information
HIPAA Protecting Patient Privacy is Our
Job Legal Education Not Legal
Advice AttorneyHales.com _at_hipaaetool 314-534-3534
PaulHales_at_AttorneyHales.com
2
www.thehipaaetool.com
3
HIPAA Risk Analysis Risk Management What Are
We Going to Cover?
How to do HIPAA RA-RM Preview NIST/OCR
Guidance
Its just a 3 Act Play! National Crisis Failure
to do HIPAA RA-RM OCR Audit NIST/OCR HIPAA
Risk Analysis Risk Management Risk Analysis
Identify Risk and Level of Risk Affecting All
PHI All Locations Every Year Risk Management
Reduce Risks to Reasonable Appropriate Level
How to do NIST/OCR RA-RM in 3 Acts
Step-by-Step
3
www.thehipaaetool.com
4
HIPAA Risk Analysis Risk Management How to do
HIPAA RA-RM Preview NIST/OCR Guidance HIPAA
Rules Easy to Follow Step-by-Step When You
Know the Steps No RA-RM Steps in the HIPAA
Rules! NIST/ OCR Guidance
4
www.thehipaaetool.com
5
HIPAA Risk Analysis Risk Management How to do
NIST/OCR RA-RM Step-by-Step

• Its just
• A 3 Act Play
• Act 1 Setup
• Risk Analysis
• Assemble Information
• PHI Locations in your Information System
• Workforce Business Associates
• Identify Threats, Vulnerabilities and Risks
• Assess Level of Risks

www.thehipaaetool.com
6
HIPAA Risk Analysis Risk Management How to do
NIST/OCR RA-RM Step-by-Step

• Determining Level of Risk NIST Risk Management
  Procedures 3 Things determine Level of Risk
• Impact First consider the degree of Impact
  (very high, high, medium, low, very low) caused
  by a Risk if a Threat triggered a Vulnerability
• Likelihood Next, consider the Likelihood that a
  Threat might occur (very low, low, medium, high,
  very high) to trigger a Vulnerability and cause
  a Risk
• Controls Finally consider effectiveness of
  Controls in place to reduce the Vulnerability in
  an Information System

www.thehipaaetool.com
7
HIPAA Risk Analysis Risk Management How to do
NIST/OCR RA-RM Step-by-Step

• Its just
• A 3 Act Play
• Act 1 Setup
• Risk Analysis
• Assemble Information
• PHI Locations in your Information System
• Workforce Business Associates
• Identify Threats, Vulnerabilities and Risks
• Assess Level of Risks

www.thehipaaetool.com
8
HIPAA Risk Analysis Risk Management
How to do HIPAA RA-RM Preview NIST/OCR
Guidance
Its just A 3 Act Play Act 2
Confrontation Risk Management Actions Reduce
Risks to Reasonable and Appropriate Level Act 3
Resolution Risk Management Program Active
Documented In Place
www.thehipaaetool.com
9
HIPAA Risk Analysis Risk Management How to do
HIPAA RA-RM Preview NIST/OCR Guidance HIPAA
Rules Easy to Follow Step-by-Step When You
Know the Steps No RA-RM Steps in the HIPAA
Rules! NIST/ OCR Guidance
www.thehipaaetool.com
10
HIPAA Risk Analysis Risk Management
Concluding Discussion, Questions, Comments Its
Your Turn Questions, Comments, Suggestions
www.thehipaaetool.com
11
HIPAA Risk Analysis Risk Management
In Conclusion, we have Reviewed How to do HIPAA
RA-RM Preview NIST/OCR Guidance Its just a 3
Act Play! National Crisis Failure to do HIPAA
RA-RM OCR Audit NIST/OCR HIPAA Risk Analysis
Risk Management Risk Analysis Identify Risk and
Level of Risk Affecting All PHI All Locations
Every Year Risk Management Reduce Risks to
Reasonable Appropriate Level How to do
NIST/OCR RA-RM in 3 Acts Step-by-Step
www.thehipaaetool.com
12
HIPAA Risk Analysis Risk Management
Thank You Paul Hales, J. D.
PaulHales_at_AttorneyHales.com 314-534-3534
Register Now
www.thehipaaetool.com