WEBINAR: Strengthening Your Risk Management Program: Lessons Learned from the OCR’s Phase 2 Audits
Meditology's Managing Partner, Cliff Baker, alongside Adam Greene, Attorney and Partner at Davis Wright Tremaine LLP, recently presented on the webinar, "Strengthening Your Risk Management Program: Lessons Learned from the OCR’s Phase 2 Audits".
About the Webinar
The HHS Office for Civil Rights (OCR) recently presented some findings from its Phase 2 HIPAA Audit program, providing a snapshot summary of current data security and privacy practices in the healthcare industry. The results reveal that many organizations lack sufficient documentation of risk management activities to satisfy OCR’s expectations. Examples of what was found lacking was documentation of:
comprehensive risk analysis processes to identify risks throughout an organization’s environment;
methods used to calculate risk based on impact and likelihood to the organization; and
risk management activities and controls implemented to mitigate security risks and drive down the likelihood of future security breaches.
The OCR Phase 2 Audit Results underscore the importance of an effective Risk Management Program. Establishing a risk management program that meets the OCR’s expectations is critical for all healthcare organizations who, at some point, may be the subject of an OCR audit or investigation.
Based on OCR's feedback and their collective experience, Adam and Cliff provide guidance and template examples for performing and documenting a risk assessment and risk management programs. Participants will learn about the key elements required in a Risk Assessment, tips for performing an assessment, and useful reference resources.