The HIPAA Rules require Covered Entities and Business Associates to do Risk Analysis and Risk Management (RA-RM) but do not explain how to do them. OCR addressed this problem by issuing guidance advising Covered Entities and Business Associates to use the Risk Analysis – Risk Management process developed by the National Institute of Standards and Technology (NIST).
This webinar lays out each step of the NIST RA-RM process, arranged for clarity in three segments, and concludes with a demonstration of how to do an RA-RM. HIPAA RA-RM is easy to do step-by-step – when you know the steps.
OCR consistently calls Risk Analysis the foundation of every HIPAA Compliance program. Organizations must first identify the unique Risks to the privacy and security of protected health information (PHI) they hold. Then – and only then – can they craft and implement tailored policies, procedures and training to manage specific risks that endanger their PHI and the organization’s financial well-being and reputation.
OCR investigations and enforcement activities reveal the importance of RA-RM. They describe devastating health information breaches caused by risks that could have been identified and managed. RA-RM failures by large and small organizations have caused the private health information of hundreds of millions of Americans to be stolen.
On December 17, 2020, OCR published the shocking results of its Phase 2 HIPAA Compliance Audits. OCR found:
- 86% of covered entities and 83% of business associates failed the Risk Analysis Audit and
- 94% of covered entities and 88% of business associates failed the Risk Management Audit.
These organizations failed even though they had been given all the audit questions and a list of the documents they would be required to provide well in advance, and knew they were short-listed to be audited!
Areas Covered in the Webinar
OCR Guidance – Risk Analysis and integrated Risk Management process
- OCR Reliance on NIST Procedures – the standard for best practices
- NIST Sources – HIPAA RA-RM and NIST Risk Management Framework
OCR Audit – National Crisis – Widespread Failure to do RA-RM
- Inexcusable, Unnecessary and Dangerous
OCR/NIST HIPAA RA-RM Process explained simply – It’s just a 3 Act Play
- Act 1 – Setup – Risk Analysis Assemble Information – Identify, Document and Assess level of Risks
- Act 2 – Confrontation – Risk Management – Documented Actions to Manage Risks
- Act 3 – Resolution – Risk Management Program – Focused on your Organization’s Risks – Documented and Active
How to do OCR/NIST RA-RM demonstrated Step-by-Step
Failure to do HIPAA RA-RM puts your organization in grave danger. This webinar will show you how to do a complete HIPAA RA-RM step-by-step and how easy it is to follow those steps once they are explained. You should attend this webinar to learn why you must worry about not doing a HIPAA RA-RM properly – and how you can stop worrying by simply doing a HIPAA RA-RM as required every year.