Healthcare Compliance Events

Upcoming events

The Information Technology Project

Date: Wednesday, June 9, 2021
Presenter: Gerry Blass, President and CEO

This webinar will cover the following:
The Information Technology Project (IT Project), previously known as the Community Management Information System (MIS) initiative, began in May of 1984. It is a joint undertaking between the New Jersey Division of Mental Health and Addiction Services (DMHAS) and the New Jersey Association of Mental Health and Addiction Agencies, Inc. (NJAMHAA) to enhance the development and promotion of an effective, efficient and high-quality community mental health, substance use and intellectual/developmental disabilities (I/DD) services system in New Jersey by adopting, implementing and appropriately using technology.

The goal of the NJAMHAA IT Project is to maximize providers’ effective and efficient use of technology while serving the most vulnerable residents of New Jersey through the provision of technical education, hardware and software maintenance, and technical assistance and support, in all areas of business operations, including but not limited to corporate compliance, quality assurance, billing and collections and human resources.

The NJAMHAA IT Project developed this annual conference to meet the needs of and enhance communication among information technology professionals, as well as executives and clinical managers, within mental health care, substance use treatment and I/DD service agencies.


Cybersecurity Update from the Experts

Date: Friday, June 25, 2021
Time: 12pm – 1:15pm EDT
CPE Credit: 1 credit

This webinar will cover the following:
In this session, hear from a panel of healthcare Information Technology leaders from three types of healthcare organizations located in NY and NJ. The discussion will focus on internal and external cybersecurity risks and identify new risks directly related to the 2020 pandemic. Listen as the panel shares lessons learned and advice for reducing cybersecurity risk.


Robert Babin, panelist, is Director of Strategic Initiatives and CISO at St. Peters Healthcare System in New Brunswick, NJ. Bob has over 35 years of experience in manufacturing, financial, and healthcare technology, serving in various management capacities, including director, senior vice president, and C-level, bringing strategic experience to information technology and operations.

As CISO, Bob oversees information security efforts around regulatory and audit compliance, policy development, technology risk mitigation, vulnerability management, and administering the information security program at St. Peters. Bob holds three Master of Science degrees in business and technology management and has earned CISA and CISM certifications. He is an active member of ISACA, NJHIMSS, CHiME, ISSA, AEHIS, NJHA/CTISO, NH-ISAC, NJCCIC, and MS-ISAC.

Paul Garrin, panelist, is CIO at Urban Health Plan in the Bronx, NYC. Paul has over 30 years of accumulated experience in the financial and healthcare technologies space serving in various management capacities from C-Level and Vice President, focusing on Information Technology in medium to large ambulatory, hospital, and healthcare systems.

Paul is an expert at leading change under challenging circumstances at C-suite and executive levels. He is able to rapidly assess situations and integrate smoothly within the organization to produce positive results. Paul has extensive knowledge in implementing and executing computerized systems, IT operations, human capital, process improvement, infrastructure/security architectures, and IT road maps.

Jason Tahaney, panelist, is the Director of Information Technology for Community Options Inc. Community Options is a nationally based nonprofit organization that believes in every person’s dignity and in the freedom of all people to experience the highest degree of self-determination. Following this philosophy, Community Options provides housing and employment opportunities for people with disabilities.

Jason’s passion, drive, and commitment to all things Information Technology are clearly shown by his 20 years of experience in the IT field. Over the last 20 years, Jason has helped architect several Information Technology solutions, specifically in the Healthcare IT field, that have stood the test of time and helped organizations succeed. When Jason is not tracking down the next technology trend or researching the latest cybersecurity threat, he enjoys spending time with his family in a small town located in central NJ.

Gerry Blass, moderator, is the founder and CEO of ComplyAssistant, a GRC software and service solutions provider to over 100 healthcare organizations, focusing on cybersecurity and compliance frameworks and regulations.

Gerry formerly served as CISO for Meridian Health in New Jersey and as chair of the NJ HIMSS Security and Compliance Committee, where he remains an active member. Gerry is a regular contributor to leading healthcare compliance and health IT publications and has spoken at industry association events with HIMSS, HFMA, NCHICA, NJPCA, NJAMHAA, and HCCA.

Learning Objectives:

  • Learn the status of cybersecurity from the perspective of three (3) healthcare provider experts in different geographic settings and types of organizations
  • Understand current internal and external cybersecurity issues and how the pandemic quickly created new vulnerabilities and risks.
  • Recognize tactics you can use to increase awareness of cybersecurity risks within your organization.

*Attendance will be based on responding to three polling questions during the live broadcast. CPE credit is only granted for the live viewing of this webinar. A basic understanding of healthcare information privacy and security is a prerequisite for attendance. CPE credits will be awarded based on a 50-minute hour.



WEBINAR: How to Be Ready to Pass a Surprise COVID-19 Audit

The New Jewish Home in NYC was audited by the Department of Health (DOH) in the middle of the pandemic and passed the audit with excellent results. In this on-demand webinar, Dana Penny, Chief Compliance Officer at The New Jewish Home in NYC, discusses how any type of healthcare provider can be prepared to provide excellent documentation should they undergo a surprise audit.

Viewers will learn:

  • Ways to organize and maintain your organization’s pandemic emergency preparedness plan
  • How to apply guidance checklists from the CDC, WHO, HHS, CMS and more
  • How to staff an Emergency Preparedness team and the processes needed to successfully pass an audit and demonstrate regulatory compliance
  • How to apply management tools to assist with planning, documentation and execution


PRESENTATION: It’s Not Just IT: Why Cybersecurity and Risk Management Needs a Multi-Disciplinary Approach

Cybersecurity and risk management is a responsibility that everyone shares. It requires a top-down approach and commitment shared by every member of the senior leadership team. 

In this presentation, Gerry Blass, President and CEO of ComplyAssistant, and Bob Babin, Director, Strategic Initiatives and Chief Information Security Officer at Saint Peter’s Healthcare System, discuss an action plan for developing a multi-disciplinary program that will protect healthcare organizations’ confidential information, brand, information system assets and patient PHI. Using real-world case studies, the presentation will provide strategies and justification for funding a robust, long-term cybersecurity and risk management program.

From this presentation, you will learn how to:

  1. Garner commitment from the entire senior leadership team to build, resource and enforce a cybersecurity and risk management program.
  2. Plan for and properly resource a cybersecurity team, and understand why it should be separate from the IT department.
  3. Identify best practices to create and enforce a cybersecurity policy that works for your organization.


PRESENTATION: Who’s Holding Your PHI? A Strategic Plan to Take Control of Your Security Risk Management

Every healthcare provider, regardless of size or complexity, should have a strategy in place for security risk management. With momentous changes in healthcare technology over the past four decades, protected health information is more valuable now than ever before, making it more vulnerable to breach.

In this presentation, Gerry Blass, President and CEO of ComplyAssistant, and Mike Chirico, former Information Security Officer with New Bridge Medical Center, demonstrate the importance of properly funding and resourcing a security risk management strategy, and propose how healthcare providers can build their own program using action steps.

In this on-demand presentation, Gerry and Mike:

  • Explain how to identify the essential components of a comprehensive security risk management strategy to ensure controls are in place to safeguard protected health information (PHI).
  • Examine best practices, gleaned from real-world examples of healthcare security breaches, for creating and enforcing a security risk management strategy that can work for any organization, regardless of size or complexity.
  • Highlight the various security frameworks available, and how to choose which framework is right for your organization.


WEBINAR: Manage Third Party (BA) Risk by Exception

A significant number of HIPAA breaches are caused by business associates (BAs) and their downstream BAs. What should covered entities (CEs) do to protect themselves, demonstrate due diligence and reduce risk?

CEs are responsible for managing their BAs from both a contract standpoint and an information privacy and security standpoint. BAs are responsible for doing the same for their own subcontractors (aka downstream BAs).

This webinar includes what CEs and BAs should consider when implementing a functional BA management program, such as:

  • BA inventory organization
  • Criteria to consider for rating a BA’s inherent risk
  • How to effectively administer a large number of BA assessments using an automated approach with exception management
  • Rating assessments based on risk level and documented evidence
  • Assigning mitigation action items


WEBINAR: Third Party Security Risk Management

In this on-demand webinar from ComplyAssistant, hear from a General Counsel, Chief Compliance Officer and Chief Information Security Officer about their challenges and goals for effectively managing their third-party business associate contracts and risk.

In this presentation, you will hear:

  • Operational issues from a legal standpoint in identifying, risk scoring, collaborating with IS, auditing BAs and examples from cases and settlements
  • Partnering with IT and managing BAs from the compliance officer’s perspective
  • Managing BAs from the CISO’s perspective, with special consideration for large, dispersed organizations with a highly mobile workforce


WEBINAR: OCR Phase 2 Audit Protocol

Join Helen Oscislawski, founder of Attorneys at Oscislawski LLC, for this on-demand webinar that reviews the OCR Phase 2 Audit protocols. At the time of this webinar, covered entities had begun to receive requests for information from OCR related to the HIPAA Phase 2 Audits. These requests will form the basis for the final pool of auditees. 

In this on-demand webinar, you will learn how to:

  1. Prepare for an OCR desk audit
  2. Assemble pertinent business associate information
  3. Identify likely focus areas based on recent OCR enforcement activities
  4. Identify common organizational pitfalls
  5. Identify and correct organizational gaps in policies and procedures.
