Part 3: How to Conduct an OCR-Quality® Risk Analysis
Series Overview:
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has recently confirmed that new HIPAA audits are on the way. OCR Director Melanie Fontes Rainier made this statement to ISMG media on February 14: “OCR intends to initiate audits of HIPAA-regulated entities later this year. These audits can assist regulated entities in improving their HIPAA compliance and their protection of health information.”
Now is the time for regulated healthcare entities to get ahead of the next wave of audits and ensure your organization is in compliance with HIPAA.
In a new multi-part webinar series, Clearwater experts will give you the guidance needed to position your organization for success. This series provides crucial insight not just for organizations classified as covered entities under HIPAA but those classified as business associates (BAs) as well. BAs are especially on OCR’s radar with many of the largest data breaches of the past few years occurring with vendors who are managing electronic protected health information on behalf of a healthcare provider or health plan.
Part 3: How to Conduct an OCR-Quality® Risk Analysis
Data shows that in nearly 90% of OCR enforcement actions involving electronic protected health information, organizations investigated are failing to meet the risk analysis requirement under the HIPAA Security Rule. During this session, Clearwater Chief Risk Officer Jon Moore provides a deep dive on the type of risk analysis that OCR expects for compliance with the HIPAA Security Rule. He discusses why it’s important to perform risk analysis at the information system level and the implications of not performing a comprehensive, enterprise-wide risk analysis. He also shares practical recommendations to help healthcare organizations evolve their approach to analyzing and responding to information security risk.
Presenter:
Chief Risk Officer and Head of Consulting Services and Client Success
