If you receive, store, process or transmit ePHI, you should attend this webinar on how to conduct a HIPAA Security Risk Analysis. This webinar also briefly reviews the HIPAA-HITECH regulatory requirements for security risk analysis and risk management and provides a practical methodology and step-by-step instructions for completing a Risk Analysis according to the latest Health and Human Services (HHS) and Office of Civil Rights (OCR) Risk Analysis guidelines, entitled “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”.

1. How To Conduct a HIPAA Security Risk Analysis
Live Webinar – Practical, Actionable Steps
Tuesday, November 30, 2010
(3:30pm ET, 2:30 CT, 1:30 MT, 12:30 PT)
Duration: 90 minutes
1 © 2010 HITECH Security Advisors LLC • All Rights Reserved •
The Challenge
The deadline for HIPAA Security Rule compliance for Covered Entities (CEs) was April 2005! For Business
Associates (BAs), the date was February 2010… when they become statutorily obligated to comply with the law as
a result of Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as
part of the American Recovery and Reinvestment Act (ARRA) of 2009.
Additionally, the federal government unveiled its criteria for the Meaningful Use of electronic health
records (EHRs) on July 13. The criteria must be met in order for a hospital or eligible provider (EP) to
qualify for reimbursement of the cost of EHR software under the American Recovery and Reinvestment
Act of 2009 (ARRA). The meaningful use criteria have been divided into two groups -- the core set, which
is mandatory, and the menu set, from which hospitals and EPs may choose five of the 10 criteria. The
mandatory core set includes a specific privacy / security requirement to “Protect electronic health
information created or maintained by the certified EHR technology through the implementation of
appropriate technical capabilities.” For both hospitals and EPs, the certification criteria is to “Conduct
or review a security risk analysis and implement security updates as necessary.”
Whether for overall HIPAA-HITECH compliance or for meeting Meaningful Use requirements, completing a formal
HIPAA Security Risk Analysis is both a foundational compliance step and a requirement of the law:
(1)(i) Standard: Security management process. Implement policies and procedures to
prevent, detect, contain, and correct security violations.
(ii) Implementation specifications:
(A) Risk analysis (Required). Conduct an accurate and thorough
assessment of the potential risks and vulnerabilities to the
confidentiality, integrity, and availability of electronic protected
health information held by the covered entity.
The Solution
If you receive, store, process or transmit ePHI, you should attend this webinar on how to conduct a HIPAA
Security Risk Analysis.
This webinar also briefly reviews the HIPAA-HITECH regulatory requirements for security risk analysis and risk
management and provides a practical methodology and step-by-step instructions for completing a Risk Analysis
according to the latest Health and Human Services (HHS) and Office of Civil Rights (OCR) Risk Analysis guidelines,
entitled “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”.
The concepts of risk, threats, vulnerabilities, impact, likelihood and many others are explained in this webinar. A
classic categorization of risks into a matrix is explored. This webinar helps you determine your risks, categorize
them as Low, Medium, High or Critical and then develop a risk remediation action plan.

2. How To Conduct a HIPAA Security Risk Analysis
Live Webinar – Practical, Actionable Steps
Tuesday, November 30, 2010
(3:30pm ET, 2:30 CT, 1:30 MT, 12:30 PT)
Duration: 90 minutes
2 © 2010 HITECH Security Advisors LLC • All Rights Reserved •
The Results
This Risk Analysis and Methodology presented in the webinar has been used by organizations of all sizes and is
purposefully designed to be able to be able to be used by the largest CEs and BAs (e.g., hospitals, insurors, care
management firms, etc) to the smallest CEs and BAs (e.g., small medical practices, clinics, dental offices, medical
billing companies etc.).
No matter where you are in your HIPAA-HITECH compliance journey, you will benefit from learning about:
• The Risk Analysis implementation specification
• HHS/OCR Final Guidance on Risk Analysis
• How to actually perform a risk analysis
Many CEs have ignored the HIPAA Security law for the last five years. A majority of BAs are not even aware of
their new obligations under the law. Will compliance change? -- Most experts think so and so do we! The Health
Information Technology for Economic and Clinical Health (HITECH) Act has been called a "game changer" because
it significantly strengthens many aspects of the HIPAA Security Rule (and Privacy Rule), including the penalties that
the U.S. Department of Health and Human Services (HHS) could impose for violations of the HIPAA rules as well as
enforcement. As a visible demonstration of seriousness, HHS has begun posting Data Breach
Notifications/Violations, required by law, on its web site.
If you are a “Business Associate” or “Covered Entity” or a “subcontractor” that creates, receives, maintains or
transmits ePHI, you will benefit from this webinar.
Who Should Attend?
Business leaders and managers with responsibility for Risk Management, Corporate Compliance, and HIPAA-
HITECH Privacy and Security compliance should attend. CEOs, COOs, CFOs, Chief Compliance Officers, Chief Risk
Officers, Chief Privacy Officers, Chief Security Officers, Chief Information Officers.
Agenda:
This session is offered as a 60-90-minute webinar using the GoToWebinar platform. The open format encourages
questions during and after the session. Attendees will receive the presentation materials.
In this live session, attendees will learn about:
• Risk Analysis essentials
• Specific requirements outlined in HHS/OCR Final Guidance
• A Practical Risk Analysis Methodology
• Step-by-Step Instructions for completing a HIPAA Risk Analysis
• Tools, templates and forms available to help you

3. How To Conduct a HIPAA Security Risk Analysis
Live Webinar – Practical, Actionable Steps
Tuesday, November 30, 2010
(3:30pm ET, 2:30 CT, 1:30 MT, 12:30 PT)
Duration: 90 minutes
3 © 2010 HITECH Security Advisors LLC • All Rights Reserved •
This webinar is designed to help CEs and BAs understand and act on the specific Risk Analysis requirements
included in the HIPAA Security Final Rule, as amended by The HITECH Act.
About the Presenter: Bob Chaput, MA, CHP, CHSS, MCSE
Bob is president of HITECH Security Advisors LLC and Data Mountain LLC. Both firms help organizations manage
increasingly more significant business risks associated with the protection of personally identifiable information.
Over the past 30 years, Bob has worked as an educator, an executive and an entrepreneur. He has assisted
businesses and individuals in developing highly secure information technology (IT) strategies that are tightly linked
with their business strategies and goals. His workshops, seminars, writings and consultations reflect his
knowledge, humor, enthusiasm and vision.
Bob is no stranger to managing and protecting large amounts of data – his experience includes managing some of
the world’s largest healthcare data sets, requiring the highest levels of security and privacy. Bob’s experience as a
CIO and general manager leading global organizations at GE, Johnson & Johnson and Healthways for 30 years
equips him to help others make critical decisions about information technology and implement more sound and
secure data protection solutions. His 30-year career includes 25 years of responsibility for online data backup and
recovery, disaster recovery and business continuity planning, with 20 of those years spanning the highly data-
regulated healthcare industry.
He holds undergraduate and graduate degrees in mathematics, numerous technical certifications and is a Certified
HIPAA Professional (CHP) and a Certified HIPAA Security Specialist (CHSS).
bob.chaput@H3CA.com
http://www.HIPAASecurityAssessment.com
(615) 496-4891
Follow Bob on Twitter: http://twitter.com/BobChaput
Connect with Bob: http://www.LinkedIn.com/in/BobChaput