HIPAA Maintenance: Security Risk Assessment

Credits: 1

Course Description

Through its audit process, the Office for Civil Rights continues to find deficiencies in the way that medical practices handle HIPAA compliance programs. Theft or loss of unencrypted electronic systems and media containing protected health information is an ongoing problem. Cases continue to occur where patient records are left unprotected and where unauthorized access may be gained. Headlines of large penalties levied against health-care organizations for security breaches continue to populate the media. 
 
The Department of Health and Human Services requires organizations to conduct a risk analysis as the first step toward implementing the safeguards specified in the HIPAA Security Rule and ultimately achieving HIPAA compliance.

What does a risk analysis entail, and what do you absolutely have to include in your report? This one-hour webinar will provide an overview of the scope and requirements of a security risk analysis, as well as resources to help you develop an organized, day-to-day security and privacy program.

 

Learning Objectives

 At the conclusion of this course, participants should be able to:

  • List the elements that must be incorporated into an effective risk analysis.
  • Cite one of the security measures they will implement as a result of the risk analysis.

Faculty Information 

John R. Christiansen, Christiansen IT Law
Since the early 1990s, John R. Christiansen has been practicing law related to health-information technology. After practicing in major law and consulting firms, John formed Christiansen IT Law in 2005 to provide services on a more flexible, cost-effective basis.
Christiansen IT Law’s services include privacy and security assessment, compliance and risk management, contracting and licensing of health information technology services, and related issues. Clients include health-care providers, technology and services vendors, government agencies, academic institutions, and professional firms.

John is an active participant in professional associations, including current service as Chair of the Washington State Bar Association Health Law Section, and past Chair of the American Bar Association’s HITECH Megarule Task Force. He frequently speaks and publishes on health information technology and is the author of An Integrated Standard of Care for Healthcare Information Security (AHLA 2005), The HITECH Business Associate Contracts Bible (ABA 2013) and Management of Health Information in Washington State: Federal and State Regulations (WSHIMA 2015), a recently published, comprehensive reconciliation of Washington State and federal health information privacy laws.   

 

 

 

Planning Group 

Tracey L. G. Hugel, RNC-TNP, CHC, CHPC, CPHIMS – Skagit Regional Medical Center, Mount Vernon, WA
Angie Perez – HIPAA Privacy and Security Compliance Officer, Family Care Network, Bellingham, WA
Cathy Reunanen, ARM, CPHRM Senior Healthcare Risk Management Consultant, Physicians Insurance, Seattle, WA
Cryss. Toycen – CME Specialist, Physicians Insurance, Seattle, WA
Mesina McMurray – Content Development Project Manager, Physicians Insurance, Seattle, WA
Amanda PughRisk Management Education Assistant, Physicians Insurance, Seattle, WA

Original release: March 2016
Last reviewed: March 2017
Expiration: March 2019


CME Information
This CME activity was planned and produced in accordance with the ACCME Essentials.

Category 1 credit is applicable throughout the United States.

Estimated time to complete this activity: 1 hour

Physicians in Washington will fulfill the risk-management-education requirement mandated by the Washington Health Services Act of 1993.


Accreditation
Physicians Insurance/Experix is accredited by the Washington State Medical Association to provide continuing medical education for physicians.

Physicians Insurance/Experix designates this enduring material for a maximum of 1 AMA PRA Category 1 CreditTM. Physicians should claim only the credit commensurate with the extent of their participation in the activity.

This activity meets the criteria for up to 1 hour of Category I CME to satisfy the relicensure requirements of the Washington State Medical Quality Assurance Commission.


Disclosure
The content of this activity does not relate to any product of a commercial interest as defined by the ACCME; therefore, neither the planners nor the faculty have relevant financial relationships to disclose. Physicians Insurance/Experix CME maintains full control of the content of every course we provide. It is our policy to identify and resolve all speaker and planner conflicts of interest. Each speaker is required to give a balanced, evidence-based presentation that is free of commercial bias.


Resolution of Conflicts of Interest
Physicians Insurance/Experix has implemented a process to resolve conflicts of interest for each continuing medical education activity, to help ensure content objectivity, independence, fair balance, and content that is aligned with the interest of the public. Conflicts, if any, are resolved through a peer-review process.

* If you are a member of Physicians Insurance, all CME courses are included with your premium. Click here to access members-only CME.