NJAMHAA 2020 IT Project Conference
October 21, 2020
The NJAMHAA IT Project Conference was created to meet the needs of and enhance communication among IT professionals within mental healthcare and addiction treatment agencies, as well as other nonprofit organizations.
Ken Reiher, VP of Operations for ComplyAssistant, and Bob Babin, Director, Strategic Initiatives and Chief Information Security Officer at Saint Peter’s Healthcare System will speak on “Trust but Verify: How to Protect your Organization from Third-Party Security Breaches.”
NCHICA 16th Academic Medical Center Security & Privacy Conference
October 21-22, 2020
The NCHICA AMC Security & Privacy Conference brings together healthcare privacy, security and compliance professionals to learn how their peers are handling privacy and security challenges unique to AMCs and large healthcare delivery organizations.
Gerry Blass, President and CEO of ComplyAssistant, and Jason Tahaney, Director of Technology for Community Options, Inc. will speak on “A Day in the Life of a Healthcare CISO: Tackling Health IT’s Most Common Challenges with a Proven Risk Management Strategy.”
PRESENTATION: It’s Not Just IT: Why Cybersecurity and Risk Management Needs a Multi-Disciplinary Approach
Cybersecurity and risk management is a responsibility that everyone shares. It requires a top-down approach and commitment shared by every member of the senior leadership team.
In this presentation, Gerry Blass, President and CEO of ComplyAssistant, and Bob Babin, Director, Strategic Initiatives and Chief Information Security Officer at Saint Peter’s Healthcare System discuss an action plan for developing a multi-disciplinary program that will protect healthcare organizations’ confidential information, brand, information system assets and patient PHI. Using real-world case studies, the presentation will provide strategies and justification for funding a robust, long-term cybersecurity and risk management program.
From this presentation, you will learn how to:
- Garner commitment from the entire senior leadership team to build, resource and enforce a cybersecurity and risk management program.
- Plan for and properly resourcing a cybersecurity team, and why it should be separate from the IT department.
- Identify best practices to create and enforce a cybersecurity policy that works for your organization.
PRESENTATION: Who’s Holding Your PHI? A Strategic Plan to Take Control of Your Security Risk Management
Every healthcare provider, regardless of size or complexity, should have a strategy in place for security risk management. With momentous changes in healthcare technology over the past four decades, protected health information is more valuable now than ever before, making it more vulnerable to breach.
In this presentation, Gerry Blass, President and CEO of ComplyAssistant, and Mike Chirico, former Information Security Officer with New Bridge Medical Center, demonstrate the importance of properly funding and resourcing a security risk management strategy, and propose how healthcare providers can build their own program using action steps.
In this on-demand presentation, Gerry and Mike:
- Explain how to identify the essential components of a comprehensive security risk management strategy to ensure controls are in place to safeguard protected health information (PHI).
- Examine best practices, gleaned from real-world examples of healthcare security breaches, for creating and enforcing a security risk management strategy that can work for any organization, regardless of size or complexity.
- Highlight the various security frameworks available, and how to choose which framework is right for your organization.
WEBINAR: Manage Third Party (BA) Risk by Exception
A significant number of HIPAA breaches are caused by business associates (BAs) and their downstream BAs. What should covered entities (CEs) do to protect themselves, demonstrate due diligence and reduce risk?
CEs are responsible to manage their BAs from both a contract standpoint and an information privacy and security standpoint. And, BAs are responsible to do the same for their own subcontractors (aka downstream BAs).
This webinar includes what CEs and BAs should consider when implementing a functional BA management program, such as:
- BA inventory organization
- Criteria to consider for rating a BA’s inherent risk
- How to effectively administer a large number of BA assessments using an automated approach with exception management
- Rate assessments based on risk level and documented evidence
- Assign mitigation action items
WEBINAR: Third Party Security Risk Management
In this on-demand webinar from ComplyAssistant, hear from a General Counsel, Chief Compliance Officer and Chief Information Security Officer about their challenges and goals for effectively managing their third-party business associate contracts and risk.
In this presentation, you will hear:
- Operational issues from a legal standpoint in identifying, risk scoring, collaborating with IS, auditing BAs and examples from cases and settlements
- Partnering with IT and managing BAs from the compliance officer’s perspective
- Managing BAs from the CISO’s perspective, with special consideration for large, dispersed organizations with a highly mobile workforce
WEBINAR: OCR Phase 2 Audit Protocol
Join Helen Oscislawski, founder of Attorneys at Oscislawski LLC, for this on-demand webinar that reviews the OCR Phase 2 Audit protocols. At the time of this webinar, covered entities had begun to receive requests for information from OCR related to the HIPAA Phase 2 Audits. These requests will form the basis for the final pool of auditees.
In this on-demand webinar, you will learn how to:
- Prepare for an OCR desk audit
- Assemble pertinent business associate information
- Identify likely focus areas based on recent OCR enforcement activities
- Identify common organizational pitfalls
- Identify and correct organizational gaps in policies and procedures.