Preliminary Security Risk Assessment Tool for FQHCs

To assist Federally Qualified Health Centers in preparing for a Risk Assessment, OSIS has developed a preliminary security risk assessment tool and review to share with all the participating Health Centers. During this webinar we will discuss the process that OSIS will follow in providing this service to participating members.

When: 3/20/2014
2:00 PM
Where: Webinar
Presenter: Jay Trinckes is Vice President of Information Security at OSIS
Contact: Faiyaz Syed, MD
517.827.0887


 

Webinar 4 in the 5-part series

To assist Federally Qualified Health Centers in preparing for a Risk Assessment, OSIS has developed a preliminary security risk assessment tool and review to share with all the participating Health Centers. During this webinar we will discuss the process that OSIS will follow in providing this service to participating members. We will take a look at the documents that will be requested during the review; discuss the interview questions that will be asked covering administrative, physical, and technical safeguards; and share expectations of both OSIS and participating members throughout the process. The assessment is intended to provide a baseline gap analysis review of some of the major items that organizations should be aware of as they relate to their HIPAA compliance efforts. To register click here.

 

Overview

Michigan Primary Care Association (MPCA), in partnership with Ohio Shared Information Services (OSIS), is proud to present its 5-part HIPAA Compliance/Security Risk Assessment Series. Over the next three months, a series of webinars focused on HIPAA Compliance, Meaningful Use requirements and Security Risk Assessment will be offered by MPCA’s Michigan Quality Improvement Network (MQIN) to all interested Michigan Health Centers. These webinars are intended to educate participants about the necessary requirements addressed in the HIPAA/HITECH Privacy/Security Rules, along with attesting to their Meaningful Use requirements and the need for having a Risk Assessment done. The series will begin with an introduction of the requirements to set the regulatory environment baseline. The remainder of the webinars will address the importance of elevating security to the board room and specific requirements of Meaningful Use. The series wraps up by assisting the participating Health Centers in performing a preliminary security risk assessment; following this, specific recommendations will be provided to increase the organization’s level of security and compliance. Throughout the series, a professional expert with OSIS will be available to provide advice to participants regarding their individual compliance efforts. Participants of this series will gain valuable information to take back to their organizations to assist them in strengthening their risk management and HIPAA compliance program.

Why the webinar series? Health Centers are facing ever-increasing regulations as changes in HIPAA/HITECH took place from the finalization of the Omnibus Rule, along with increasing security requirements related to electronic health records through Meaningful Use incentives.

Why should Health Centers be concerned? Health information has become a ‘hot’ commodity in the underground markets and is about ten times more valuable than financial information such as that associated with credit cards.

Why is health care information so valuable? Individuals can resell insurance information to people who don’t have insurance; they can gain access to prescription drugs, and of course, steal identities to open up fraudulent accounts. Medical identity theft is the fastest-growing crime and has grown over 20% since 2012, costing the U.S. close to $31 billion a year. In addition, it can cost an individual over $20,000 to resolve a case of medical identity theft.

Civil monetary penalties and class action lawsuits are always a big concern to consider if your Health Center ever falls victim to a security breach. Data security breaches cost the U.S. health care industry $6.5 billion annually. On average, it costs a health care organization $233 per individual record breached, with the full cost of a breach to a company averaging $5.4 million. Considering that federal civil monetary penalties for a privacy/security violation can cost $50,000 per violation, with an aggregate limit of $1.5 million per year, and that OCR has collected over $50 million to date from enforcement activities, it is definitely more cost-effective for a health center to be HIPAA compliant.

Individuals attesting to meaningful use are claiming federal funds and should be aware that providing any false, incomplete, or misleading information could subject them personally to civil and criminal penalties. It is imperative that you complete your risk assessment today and comply with the HIPAA/HITECH Privacy and Security Rules.

At the end of the day, being HIPAA compliant is about protecting your organization’s information, revenue, and reputation.

 

Presenter:

Jay Trinckes is Vice President of Information Security at OSIS, a 501(c)(3) non-profit organization that assists Federally Qualified Health Centers with Information Technology and security-related services to improve the quality of care delivered to the underserved population. Mr. Trinckes is the author of "The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules" (CRC Press, 2012) and "The Executive MBA in Information Security" (CRC Press, 2010). Recently, Mr. Trinckes has presented on the topic of HIPAA and other related Information Security topics across the country through RAC Monitor, the NWRPCA-CHAMPS Conference, the NACHC-FOM-IT Conference, and locally through the HRSA regional group. Mr. Trinckes is scheduled to present on HIPAA at the Practice Management Institute’s National Conference held in Chicago, Illinois this May. Mr. Trinckes holds a Bachelor’s Degree in Business Administration/MIS along with several certifications such as the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), National Security Agency (NSA) INFOSEC Assessment Methodology (IAM), and INFOSEC Evaluation Methodology (IEM). Mr. Trinckes brings a wealth of knowledge in information security through his hands-on experience performing risk assessments, vulnerability/penetration tests, developing information security management programs, and from his experiences as a former law enforcement officer.

 

Final Webinar in the 5-Part Series

April 17, 2014

Webinar 5 of 5: Remediation Steps Post Preliminary Security Risk Assessment for FQHCs

Click here to register

 