Steps to HIPAA Compliance and Ransomware Prevention
Objectives of the Presentation
- Implementing a security management process, which includes carrying out a risk analysis to identify vulnerabilities and threats to PHI and implementing steps to mitigate them
- Putting in place measures that detect and guard against malicious software
- Helping to protect data by training users to identify and report malicious software, and
- Putting in place access controls so that only designated personnel are authorized and permitted access
These measures on ransomware and HIPAA risks sit alongside the existing HIPAA Security Rule, which has its own set of steps and rules that must be followed to protect data privacy.
Why Should You Attend
Ransomware is, in simple terms, malicious software that differs fundamentally from other kinds of malware: it attempts to deny access to a user's data at the source. Ransomware hackers encrypt the data with a key that is known only to them, and release it only after the user pays them a ransom. Ransomware and HIPAA risks have come together after HHS recognized the dangers of this kind of malware.
Business Associates and Covered Entities are in for a jolt when HIPAA investigations relating to ransomware breaches find malpractices, which can ruin the practice or business. If ransomware is detected, HIPAA considers it a serious breach of security. Such an entity is heavily penalized, and its reputation is at stake.
- What is ransomware
- What are risk factors
- What to do if hijacked
- Audit Process
- What can cause an audit
- How to avoid these issues altogether
- What to do in the event of an audit
- How to speak and deal with Federal auditors
- Risk Assessment
- Best resources