About HIPAA

What would a data breach cost your organization? Attend this 60-minute live webinar and learn from industry experts how to assess specific security risks and build a strong business case for enhanced PHI security. You’ll learn about a 5-step method to estimate the overall potential costs of a data breach specific to your organization. This method was developed in conjunction with the American National Standards Institute (ANSI).

Data Breach - The Challenge:

Even with the increased focus on enforcement of HIPAA and HITECH requirements, the security efforts of health care organizations responsible for safeguarding PHI are simply not keeping pace with the growing risks of unauthorized or impermissible disclosures of PHI. Those risks are a result of the expansion in the number of organizations handling PHI, the increase in electronic health record (EHR) adoption and the growing rewards of PHI theft.

Recent surveys indicate that inadequate security investments in capital and resources and lack of attention by leadership have left those responsible for protecting PHI feeling that inadequate defenses are in place. Securing budget dollars to implement security enhancements is difficult in the best of times, and is especially tough in these tight economic times.

The problem most organizations face today is justifying investments in privacy and security programs on the basis of “average breach cost” estimated in various white papers, which detail neither how the costs were developed nor allow for the possibility that some costs may not be relevant to every organization.

Data Breach – The Solution:

Attend this 60-minute webinar and learn from industry experts how to assess specific security risks and build a strong business case for investment in enhanced PHI security.

The webinar covers PHIve (PHI Value Estimator) – a 5-step method to estimate the overall potential costs of a data breach specific to an organization and how to use this information to calculate an ROI for investments in initiatives that strengthen privacy and security programs and reduce the probability of a breach.

The breach cost estimating and risk assessment approaches presented in this webinar are purposefully designed to be applicable to organizations ranging from the largest CEs and BAs (e.g., health systems, hospitals, long term care providers, insurers, care management firms, etc) to the smallest CEs and BAs (e.g., small medical practices, clinics, dental offices, medical billing companies, etc.). No matter where you are in your HIPAA-HITECH compliance and risk management journey, you will benefit from learning about:

• The growing number of entities in the health care ecosystem that are responsible for protecting PHI
• The evolution of the regulations, rules and laws
• Recent data breach information, who, what and how
• Information regarding inherent threats to PHI, vulnerabilities and safeguards
• Recent survey results on how the protectors of PHI feel about their ability to secure data
• Methodology for assessing risk in your organization and tools to help cost-justify more investment in security based on the potential risks and liabilities resulting from data breaches

If you are a Business Associate, Covered Entity or a subcontractor that creates, receives, maintains or transmits ePHI, you will benefit from attending this webinar.

Agenda:

In this webinar you will learn about:

• A report published in 2012 and sponsored by the American National Standards Institute (ANSI), The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security
• How to use the PHIve (PHI Value Estimator) – a 5-step method which includes the method for completing a risk assessment in accordance with HHS / OCR guidance and estimating the overall potential costs of a data breach to an organization
• How to determine an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach
• How to complete a risk assessment in accordance with HHS / OCR guidance

This webinar is designed to help CEs and BAs understand and act on the results of the PHIve tool and sound risk assessment methodologies.

Who Should Attend?

Presented by:

• Mary Chaput, CFO and Chief Compliance Officer – Clearwater Compliance LLC
• Bob Chaput, CEO – Clearwater Compliance LLC

References:

• Published report, The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security
• Guidance on Risk Analysis Requirements under the HIPAA Security Rule
• NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments – DRAFT (new!)
• NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (new!)
• NIST SP800-39-final_Managing Information Security Risk (new!)
• NIST SP800-53 Revision 3 Final, Recommended controls for Federal Information Systems and Organizations
• NIST SP800-53A, Rev 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans (new!)