Why HIPAA Risk Assessments are Only the Tip of the Iceberg

HIPAA Risk Assessments are a valuable component of a healthcare organization's information security program. They fulfill a mandatory requirement of the HIPAA Security Rule, Omnibus Rule, and where applicable, the EHR Meaningful Use Incentive Program. Compliance, however, is not synonymous with security.

The purpose of an HSRA is to identify threats and vulnerabilities. But without a comprehensive remediation and ongoing risk management plan, the HSRA itself is of little value. Further, many HSRAs are too limited in scope, focusing only on policies or "low-hanging fruit" while ignoring more critical and complex risks.

From 2010 to 2013, the vast majority of breaches of PHI resulted from lost or stolen portable devices. In 2014, the landscape changed. Hackers went on the attack, attracted by the high value of data stores of PHI. Millions of health records were stolen. Hackers typically exploit vulnerabilities in the network infrastructure or in web applications. In addition, individual credentials are often compromised through "phishing" email attacks. Were these risks identified in your HSRA?

In this webinar, attendees will learn how these critical risk factors can be reduced through penetration testing, web application assessments, social engineering testing, and security awareness training.

Learn why HIPAA compliance isn't everything; better understand the IT threat landscape; determine your organization's level of "security readiness"; discover new security tactics for lowering your risk of a PHI data breach.