How to Maintain an Enterprise-Wide Security and Compliance Strategy in a Decentralized Model
September 22, 2020
1:00pm – 2:30pm ET
HCCA web conference
During this web conference with HCCA, attendees will learn key traits and the complexity of an enterprise-wide security and compliance strategy, and how to create an overarching vision, even within a decentralized IT governance model. Hear real-world best practices to manage security and compliance across disparate departments and geographic locations, learn strategies to keep your executive team and board of directors informed, and learn how to future-proof your enterprise-wide strategy.
Dana Penny, Chief Compliance Officer at The New Jewish Home in NYC
Ken Reiher, VP of Operations at ComplyAssistant
How to Be Ready To Pass a Surprise COVID-19 Dept of Health Audit
September 24, 2020
2:00pm – 3:00pm EDT
In the midst of the COVID-19 pandemic, The New Jewish Home, an urban long-term care facility in New York City, was spot audited by the Department of Health (DOH), and passed the audit with excellent results. This presentation will cover how any type of healthcare provider can be prepared to provide excellent documentation should they undergo a surprise audit, including:
- Ways to prepare your organization’s pandemic emergency preparedness plan and to efficiently maintain it on an ongoing basis.
- How The New Jewish Home used checklists from the CDC, WHO, HHS, CMS, and more to gather required data.
- The makeup of the organization’s Emergency Preparedness team, and the processes they followed to successfully pass the audit and demonstrate regulatory compliance.
- Guidance on management tools that assisted in planning documentation and execution.
Dana Penny, Chief Compliance Officer at The New Jewish Home in NYC
Gerry Blass, President and CEO at ComplyAssistant
NJAMHAA 2020 IT Project Conference
October 21, 2020
The NJAMHAA IT Project Conference was created to meet the needs of and enhance communication among IT professionals within mental healthcare and addiction treatment agencies, as well as other nonprofit organizations.
Ken Reiher, VP of Operations for ComplyAssistant, and Bob Babin, Director, Strategic Initiatives and Chief Information Security Officer at Saint Peter’s Healthcare System, will speak on “Trust but Verify: How to Protect your Organization from Third-Party Security Breaches.”
NCHICA 16th Academic Medical Center Security & Privacy Conference
October 21-22, 2020
The NCHICA AMC Security & Privacy Conference brings together healthcare privacy, security and compliance professionals to learn how their peers are handling privacy and security challenges unique to AMCs and large healthcare delivery organizations.
Gerry Blass, President and CEO of ComplyAssistant, and Jason Tahaney, Director of Technology for Community Options, Inc., will speak on “A Day in the Life of a Healthcare CISO: Tackling Health IT’s Most Common Challenges with a Proven Risk Management Strategy.”
WEBINAR: How to Be Ready to Pass a Surprise COVID-19 Audit
The New Jewish Home in NYC was audited by the Department of Health (DOH) in the middle of the pandemic and passed the audit with excellent results. In this on-demand webinar, Dana Penny, Chief Compliance Officer at The New Jewish Home in NYC, discusses how any type of healthcare provider can be prepared to provide excellent documentation should they undergo a surprise audit.
Viewers will learn:
- Ways to organize and maintain your organization’s pandemic emergency preparedness plan
- How to apply guidance checklists from the CDC, WHO, HHS, CMS and more
- How to staff an Emergency Preparedness team and the processes needed to successfully pass an audit and demonstrate regulatory compliance
- How to apply management tools to assist with planning, documentation and execution
PRESENTATION: It’s Not Just IT: Why Cybersecurity and Risk Management Needs a Multi-Disciplinary Approach
Cybersecurity and risk management is a responsibility that everyone shares. It requires a top-down approach and commitment shared by every member of the senior leadership team.
In this presentation, Gerry Blass, President and CEO of ComplyAssistant, and Bob Babin, Director, Strategic Initiatives and Chief Information Security Officer at Saint Peter’s Healthcare System, discuss an action plan for developing a multi-disciplinary program that will protect healthcare organizations’ confidential information, brand, information system assets and patient PHI. Using real-world case studies, the presentation will provide strategies and justification for funding a robust, long-term cybersecurity and risk management program.
From this presentation, you will learn how to:
- Garner commitment from the entire senior leadership team to build, resource and enforce a cybersecurity and risk management program.
- Plan for and properly resource a cybersecurity team, and why it should be separate from the IT department.
- Identify best practices to create and enforce a cybersecurity policy that works for your organization.
PRESENTATION: Who’s Holding Your PHI? A Strategic Plan to Take Control of Your Security Risk Management
Every healthcare provider, regardless of size or complexity, should have a strategy in place for security risk management. With momentous changes in healthcare technology over the past four decades, protected health information is more valuable now than ever before, making it more vulnerable to breach.
In this presentation, Gerry Blass, President and CEO of ComplyAssistant, and Mike Chirico, former Information Security Officer with New Bridge Medical Center, demonstrate the importance of properly funding and resourcing a security risk management strategy, and propose how healthcare providers can build their own program using action steps.
In this on-demand presentation, Gerry and Mike:
- Explain how to identify the essential components of a comprehensive security risk management strategy to ensure controls are in place to safeguard protected health information (PHI).
- Examine best practices, gleaned from real-world examples of healthcare security breaches, for creating and enforcing a security risk management strategy that can work for any organization, regardless of size or complexity.
- Highlight the various security frameworks available, and how to choose which framework is right for your organization.
WEBINAR: Manage Third Party (BA) Risk by Exception
A significant number of HIPAA breaches are caused by business associates (BAs) and their downstream BAs. What should covered entities (CEs) do to protect themselves, demonstrate due diligence and reduce risk?
CEs are responsible for managing their BAs from both a contract standpoint and an information privacy and security standpoint. BAs, in turn, are responsible for doing the same for their own subcontractors (aka downstream BAs).
This webinar includes what CEs and BAs should consider when implementing a functional BA management program, such as:
- BA inventory organization
- Criteria to consider for rating a BA’s inherent risk
- How to effectively administer a large number of BA assessments using an automated approach with exception management
- Rating assessments based on risk level and documented evidence
- Assigning mitigation action items
WEBINAR: Third Party Security Risk Management
In this on-demand webinar from ComplyAssistant, hear from a General Counsel, Chief Compliance Officer and Chief Information Security Officer about their challenges and goals for effectively managing their third-party business associate contracts and risk.
In this presentation, you will hear:
- Operational issues from a legal standpoint in identifying and risk scoring BAs, collaborating with IS and auditing BAs, with examples from cases and settlements
- Partnering with IT and managing BAs from the compliance officer’s perspective
- Managing BAs from the CISO’s perspective, with special consideration for large, dispersed organizations with a highly mobile workforce
WEBINAR: OCR Phase 2 Audit Protocol
Join Helen Oscislawski, founder of Attorneys at Oscislawski LLC, for this on-demand webinar that reviews the OCR Phase 2 Audit protocols. At the time of this webinar, covered entities had begun to receive requests for information from OCR related to the HIPAA Phase 2 Audits. These requests will form the basis for the final pool of auditees.
In this on-demand webinar, you will learn how to:
- Prepare for an OCR desk audit
- Assemble pertinent business associate information
- Identify likely focus areas based on recent OCR enforcement activities
- Identify common organizational pitfalls
- Identify and correct organizational gaps in policies and procedures