Please check back in August for additional events.
Health Industry Cybersecurity Practices (HICP) – The Carrot vs. The Stick!
Date: Wednesday, July 21, 2021
Time: 12:00 PM – 12:45 PM (EDT)
ComplyAssistant invites you to a special event webinar on HICP and Risk Register. We will explain the new cybersecurity practice guidelines for small, medium, and large healthcare organizations and how our Risk Register helps you manage the Health Industry Cybersecurity Practices (HICP).
Signed into law on January 5, 2021, HICP provides a practical “cookbook” of recommended security practices to reduce the threat of the top five cybersecurity threats.
The HHS “stick” can be replaced with the HICP “carrot”, and following HICP guidance will reduce cybersecurity risk for service provider organizations. By documenting and demonstrating evidence of compliance for 12 months, covered entities and business associates could receive:
-Mitigated HIPAA fines
-Favorable and early termination of the HIPAA Audit
-Mitigated remedies in a HIPAA resolution agreement with HHS
Are you trying to document and assess all the risks and vulnerabilities?
ComplyAssistant’s new easy-to-use Risk Register software functionality, is ready to assist in the documentation, assessment, and mitigation of risks across your enterprise.
Let us show you how using Risk Register for collecting and assessing your risk is the HICP starting point enterprises of all sizes need.
Gerry Blass, President & CEO, ComplyAssistant
Ken J. Reiher, MBA, Vice President Operations, ComplyAssistant
Laura Casey, Account Management, ComplyAssistant
Donna Grindle, Founder and CEO, Kardon
Cybersecurity Update from the Experts
Date: Friday, June 25, 2021
Time: 12:00 PM – 1:15 PM (EDT)
CPE Credit: 1 credit
This webinar covered the following:
In this session, hear from a panel of healthcare Information Technology leaders from three types of healthcare organizations located in NY and NJ. The discussion will focus on internal and external cybersecurity risks and identify new risks directly related to the 2020 pandemic. Listen as the panel shares lessons learned and advice for reducing cybersecurity risk.
- Learn the status of cybersecurity from the perspective of three (3) healthcare provider experts in different geographic settings and types of organizations
- Understand current internal and external cybersecurity issues and how the pandemic quickly created new vulnerabilities and risks.
- Recognize tactics you can use to increase awareness of cybersecurity risks within your organization.
The Information Technology Project
Date: Wednesday, June 9, 2021
Presenter: Gerry Blass, President and CEO
This webinar will cover the following:
The Information Technology Project (IT Project), previously known as the Community Management Information System (MIS) initiative began in May of 1984 and is a joint undertaking between the New Jersey Division of Mental Health and Addiction Services (DMHAS) and the New Jersey Association of Mental Health and Addiction Agencies, Inc. (NJAMHAA) to enhance the development and promotion of an effective, efficient and high-quality community mental health, substance use and intellectual/ developmental disabilities (I/DD) services system in New Jersey by adopting, implementing and appropriately using technology.
The goal of the NJAMHAA IT Project is to maximize providers’ effective and efficient use of technology while serving the most vulnerable residents of New Jersey through the provision of technical education, hardware and software maintenance, and technical assistance and support, in all areas of business operations, including but not limited to corporate compliance, quality assurance, billing and collections and human resources.
The NJAMHAA IT Project developed this annual conference to meet the needs of and enhance communication among information technology professionals, as well as executives and clinical managers, within mental health care, substance use treatment and I/DD service agencies.
WEBINAR: How to Be Ready to Pass a Surprise COVID-19 Audit
The New Jewish Home in NYC was audited by the Department of Health (DOH) in the middle of the pandemic and passed the audit with excellent results. In this on-demand webinar, Dana Penny, Chief Compliance Officer at The New Jewish Home in NYC discusses how any type of healthcare provider can be prepared to provide excellent documentation should they undergo a surprise audit.
Viewers will learn:
- Ways to organize and maintain your organization’s pandemic emergency preparedness plan
- How to apply guidance checklists from the CDC, WHO, HHS, CMS and more
- How to staff an Emergency Preparedness team and the processes needed to successfully pass an audit and demonstrate regulatory compliance
- How to apply management tools to assist with planning, documentation and execution
PRESENTATION: It’s Not Just IT: Why Cybersecurity and Risk Management Needs a Multi-Disciplinary Approach
Cybersecurity and risk management is a responsibility that everyone shares. It requires a top-down approach and commitment shared by every member of the senior leadership team.
In this presentation, Gerry Blass, President and CEO of ComplyAssistant, and Bob Babin, Director, Strategic Initiatives and Chief Information Security Officer at Saint Peter’s Healthcare System discuss an action plan for developing a multi-disciplinary program that will protect healthcare organizations’ confidential information, brand, information system assets and patient PHI. Using real-world case studies, the presentation will provide strategies and justification for funding a robust, long-term cybersecurity and risk management program.
From this presentation, you will learn how to:
- Garner commitment from the entire senior leadership team to build, resource and enforce a cybersecurity and risk management program.
- Plan for and properly resourcing a cybersecurity team, and why it should be separate from the IT department.
- Identify best practices to create and enforce a cybersecurity policy that works for your organization.
PRESENTATION: Who’s Holding Your PHI? A Strategic Plan to Take Control of Your Security Risk Management
Every healthcare provider, regardless of size or complexity, should have a strategy in place for security risk management. With momentous changes in healthcare technology over the past four decades, protected health information is more valuable now than ever before, making it more vulnerable to breach.
In this presentation, Gerry Blass, President and CEO of ComplyAssistant, and Mike Chirico, former Information Security Officer with New Bridge Medical Center, demonstrate the importance of properly funding and resourcing a security risk management strategy, and propose how healthcare providers can build their own program using action steps.
In this on-demand presentation, Gerry and Mike:
- Explain how to identify the essential components of a comprehensive security risk management strategy to ensure controls are in place to safeguard protected health information (PHI).
- Examine best practices, gleaned from real-world examples of healthcare security breaches, for creating and enforcing a security risk management strategy that can work for any organization, regardless of size or complexity.
- Highlight the various security frameworks available, and how to choose which framework is right for your organization.
WEBINAR: Manage Third Party (BA) Risk by Exception
A significant number of HIPAA breaches are caused by business associates (BAs) and their downstream BAs. What should covered entities (CEs) do to protect themselves, demonstrate due diligence and reduce risk?
CEs are responsible to manage their BAs from both a contract standpoint and an information privacy and security standpoint. And, BAs are responsible to do the same for their own subcontractors (aka downstream BAs).
This webinar includes what CEs and BAs should consider when implementing a functional BA management program, such as:
- BA inventory organization
- Criteria to consider for rating a BA’s inherent risk
- How to effectively administer a large number of BA assessments using an automated approach with exception management
- Rate assessments based on risk level and documented evidence
- Assign mitigation action items
WEBINAR: Third Party Security Risk Management
In this on-demand webinar from ComplyAssistant, hear from a General Counsel, Chief Compliance Officer and Chief Information Security Officer about their challenges and goals for effectively managing their third-party business associate contracts and risk.
In this presentation, you will hear:
- Operational issues from a legal standpoint in identifying, risk scoring, collaborating with IS, auditing BAs and examples from cases and settlements
- Partnering with IT and managing BAs from the compliance officer’s perspective
- Managing BAs from the CISO’s perspective, with special consideration for large, dispersed organizations with a highly mobile workforce
WEBINAR: OCR Phase 2 Audit Protocol
Join Helen Oscislawski, founder of Attorneys at Oscislawski LLC, for this on-demand webinar that reviews the OCR Phase 2 Audit protocols. At the time of this webinar, covered entities had begun to receive requests for information from OCR related to the HIPAA Phase 2 Audits. These requests will form the basis for the final pool of auditees.
In this on-demand webinar, you will learn how to:
- Prepare for an OCR desk audit
- Assemble pertinent business associate information
- Identify likely focus areas based on recent OCR enforcement activities
- Identify common organizational pitfalls
- Identify and correct organizational gaps in policies and procedures.