HIPAA Security Risk Analysis, Policies and Procedures: Making Sure You Find Risks to Health Information
HIPAA has been a law for more than twenty years now, and the rules in place call for extensive policies and procedures to ensure compliance with the HIPAA Security Rule. But not all entities have done the work necessary to conduct an accurate and thorough assessment of the risks to the security of Protected Health Information (PHI), and develop and implement their security policies and procedures. Even if they have all the best practices in place, entities must have the supporting policies and procedures to ensure consistency in service and compliance with the law, and they need to be aware of the risks they face and be ready to respond to changes in the risk landscape.
This session will focus on conducting an information security risk analysis, as required under the HIPAA Security Rule, and on developing and implementing the policies and procedures necessary for HIPAA Security Rule compliance. It will explore suggested ways to conduct a risk analysis and the tools that may be used, and explain why an information flow analysis is necessary to find risks. Identified risks must be managed, and the session will describe how to do so using a set of spreadsheets in a workbook.
The program will discuss the requirements and the issues involved with HIPAA security risk analysis, policies, and procedures, and help define the path entities can follow to bring their compliance up to the level at which it should be today.