Iliana Peters, JD, CISSP, former Acting Deputy Director of HHS Office for Civil Rights, will offer advice in her first security industry webinar since she left the U.S. government. This free webinar, on March 14 at 10:00 CST, was created to help covered entities and business associates understand and act on the specific Risk Assessment requirements included in the HIPAA Security Final Rule. In "Understanding the Critical Difference: HIPAA Security Evaluation v. HIPAA Security Risk Assessment," Peters will be joined by cyber risk management expert Bob Chaput, CEO of Clearwater Compliance.
During this interactive, 75-minute webinar, Peters and Chaput will focus on helping attendees:
- Understand and address three (3) very specific AND different HIPAA Security Rule assessment requirements;
- Explain why security opinions (e.g., SSAE Soc2) or "Certifications" (e.g., HITRUST) do NOT fully satisfy HIPAA compliance requirements; and,
- Articulate to colleagues and management what constitutes a comprehensive and accurate HIPAA Security Rule Risk Analysis.
Peters joined the Washington office of the law firm Polsinelli on Feb. 5, 2018.
"As the former Acting Deputy Director HHS Office for Civil Rights, I have seen firsthand, very highly regarded, and well-meaning companies respond to an OCR data request with what they thought was a good risk analysis, only to discover what they had was a gap or compliance analysis that is not sufficient for the HIPAA Security Rule's requirements," said Peters. "During the March 14th webinar, we will discuss some of the foundational requirements of the HIPAA Security Rule, specifically Risk Analysis and Evaluation."
"Clearwater's education center is packed with resources to guide you at each stage of your information risk management journey," said Chaput. "Our free webinar series reaches an audience of hundreds. In May 2017, when we presented with Leon Rodriguez, we had more than 1,000 people join us in that conversation," said Chaput. "This sort of response is due in part to delivering, time and time again, what I see as our true purpose: providing deep insights into compliance and cyber risks."