Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Analysis and HIPAA Security

Published byGlenna Sudirman Modified over 5 years ago

Similar presentations

Presentation on theme: "Risk Analysis and HIPAA Security"— Presentation transcript:

1 Risk Analysis and HIPAA Security
Uday O. Ali Pabrai, CHSS, SCNA Chief Executive and Co-Founder, HIPAA Academy

2 Objective Definition Seven Steps to HIPAA Security
Step 2: Risk Analysis Scope Phases Getting Started Bottom line

3 Definition Process to identify relevant assets and threats
Identifies potential safeguards to mitigate critical risk A HIPAA Security Rule requirement Establish the “State of Risk” associated with the Organization

4 Seven Steps to HIPAA Security

5 Scope Risk Analysis is Step 2 It includes addressing the areas of:
Vulnerability Assessment Scanning Tools Business Impact Analysis (BIA) Critical Business Functions Information System Activity Review Audit Logs

6 Phases of Risk Analysis
Phase I: e-PHI Documentation Document e-PHI Flow, Vital Systems Phase II: e-PHI Risk Assessment Identify Vulnerabilities Recommend Safeguards Phase III: e-PHI Safeguards Determination Likelihood of Risk Impact to e-PHI Remaining Risk to e-PHI

7 Getting Started Phase I: e-PHI Documentation
e-PHI Flow Diagrams Network Diagrams Asset Inventory Risk Assessment Surveys Phase II: e-PHI Risk Assessment HIPAAShieldTM BIA Report HIPAAShieldTM Vulnerability Report Phase III: e-PHI Safeguards Determination HIPAAShieldTM Risk Analysis Report

8 Bottom line “We must be compulsive about managing risk.”
PDF on “HIPAA Security and Risk Analysis” Available at: HIPAAAcademy.Net

Download ppt "Risk Analysis and HIPAA Security"

Similar presentations

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
Jump to first page NIST 800-30 Risk Management Guide for Information Technology Systems Reference:

Jump to first page NIST Risk Management Guide for Information Technology Systems Reference:
1 www.vita.virginia.gov IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1, 2013 www.vita.virginia.gov.

1 IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1,
Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
Developing a Risk-Based Information Security Program

Developing a Risk-Based Information Security Program
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.

CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.
1 www.vita.virginia.gov Evolving the Cyber Security Program Michael Watson Chief Information Security Officer ISACA 3/12/2015 www.vita.virginia.gov 1.

1 Evolving the Cyber Security Program Michael Watson Chief Information Security Officer ISACA 3/12/
Information Security Policies and Standards

Information Security Policies and Standards
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Information Security Risk.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Information Security Risk.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Creation of Policies, Part.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Creation of Policies, Part.
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
Understanding the Security Vulnerability Assessment Copyright Jean Perois, CPP, PSP, FSyI.

Understanding the Security Vulnerability Assessment Copyright Jean Perois, CPP, PSP, FSyI.
1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME.

1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Application Threat Modeling Workshop

Application Threat Modeling Workshop
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.

1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.

Similar presentations

Ads by Google