HIPAA: Risk Assessment Requirements


The Feds have increased the civil monetary penalties on practices that are not HIPAA compliant. Practices have been hit hard with fines as high as $1,500,000 for HIPAA breaches, and the Agency is getting ready to announce its next big round of audits. And the #1 area for non-compliance is a lack of a documented risk assessment plan.

But who has time to do a HIPAA Risk Assessment, right? With everything else on your plate, this is probably at the bottom of the pile and it has been there for some time. Also, creating a risk assessment document can be overwhelming considering what is riding on its successful completion. For example, here are some facts that you may not be aware of:

• There are over 44 items that you will be scrutinized on if you’re audited for HIPAA compliance (which is getting more and more likely)
• HIPAA is a personal responsibility law and goes above and beyond just risk for the practice or business. There are personal ramifications for non-compliance for you, your providers and each member of your team.
• For violations after 2/18/2009, you can be charged from $100-$1,500,000 depending on your level of noncompliance, and the number of occurrences per calendar year
• One of the key methods being used to identify HIPAA violations is through patient complaints

So, where should you start? How do you do a HIPAA Risk Assessment anyway? Brian L. Tuttle, CPHIT, CHP, CHA, CBRA, CISSP, CCNA, nationally recognized certified HIPAA auditor, is here to help. He has developed a risk assessment process that makes ensuring you’re compliant easy to understand and implement.

Brian uses his years of working directly with the government auditors that police HIPAA to provide you with the proven tools you need to identify what you and your staff are doing that could land you in hot water. Not just hot water with the Feds, but with your patients too (since one of the primary methods used to identify HIPAA violations is through patient complaints). This how-to webinar will help you not only conduct an effective, efficient HIPAA risk assessment, but will also show you how to write and implement policies and ongoing management processes to ensure your practice is and remains HIPAA compliant.

Attending Brian’s training session will provide you with a clear HIPAA compliance path. You’ll also have confidence that you’re protected against the hassle of a HIPAA audit, and the potential fines and penalties that could follow. Specifically, after attending this webinar, you’ll be able to:

1- Reduce your chances of being audited by successfully completing a HIPAA risk assessment
2- Avoid patient complaints and a HIPAA audit by implementing easy-to-follow written policies based upon your risk assessment
3- Create your own HIPAA policies without being tempted by cookie cutter templates that could lead to fines and penalties
4- Master the 44 implementation specifications of the HIPAA Security Rule with a policy manual that works
5- Cut HIPAA Privacy slip-ups, and combat them correctly should they occur

If you’ve been putting off implementing your office’s HIPAA policies, want to confirm the policies you have in place are adequate, or want to figure out how to make sure once you’ve implemented the policies they get followed, sign up for this information-packed, 90-minute webinar. Don’t wait though. There are only a limited number of registrations available to ensure that all attendees have an opportunity to get their questions answered, and have an optimal learning experience.

The Office of Civil Rights (OCR) section of the Health and Human Services’ website is full of healthcare organizations that never dreamed they could be found guilty of a HIPAA violation – and yet they were. Here are just a FEW of the violations that are listed: patient phone messages, copying patients’ charts, releasing patient documents, notices of privacy, poor decisions by staff, over-disclosure, fax disclosure, etc. Don’t wait, register today!

Meet Your Expert

Brian L. Tuttle
CPHIT, CHP, CHA, CBRA, CISSP, CCNA
Nationally Renowned HIPAA Compliance Consultant

Brian is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 17 years’ experience in Health IT and Compliance Consulting.

With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 17 years’ experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.

In addition, Mr. Tuttle has served as an expert witness in multiple litigated court cases, offering input related to best practices and requirements for securing and providing patient access to protected health information. Mr. Tuttle has also worked directly with the Office of Civil Rights (OCR), both in defending covered entities and business associates and in being asked by the Federal government to audit covered entities and business associates on behalf of the OCR.