Visit Symantec Booth #1 at the Virginia HIMSS Annual Conference
http://www.vahimss.org/annualconference/annualconference.html
On 11/8 at 12:30 David Finn, Symantec's Health IT Officer, will present:
HIPAA Security Risk Assessment
Despite the fact that the Security Risk Assessment was a legal requirement for Covered Entities in 2005, many have still not completed one. Many who have attested for Stage 1 - - the Risk Assessment is one of the required criteria for both Hospitals and EPs - - have actually increased their risks by attesting but not having completed one. Stage 2 will require significant expansion with a focus on patient-initiated communications rather than the 1996 HIPAA view of the world where all communications were provider initiated. Stage 2 will also require that you have your Stage 1 Assessment available or can clearly show how it was reviewed and updated for Stage 2. This session will address the risks of “missing” on the risk assessment, some of the changes Stage 2 will bring and how being compliant may not actually provide security . . . and vice versa.
Learning Objectives:
- Understand the Intent of the HIPAA Required Risk Assessment and be aware of how “patient engagement” may complicate both compliance and real security.
- Appreciate what it takes to complete a Risk Assessment that will be recognized by regulators and can be used as your benchmark.
- Recognize that Compliance is not Security . . . And you have to have both
