keysys-health
HIPAA HITECH EXPRESS®
COMPLIANT. AUDITABLE. PROTECTED.
AN ALL IN ONE SECURITY AND PRIVACY SOLUTION
“The Cost of Risk Management”
WHAT IS A RISK PROGRAM?
There are several components that make up a risk management program.
Monitor & Audit
Communication & Education
Policy & Procedure Development
Establish Roles & Responsibilities, ePHI Boundaries & Inventory
Risk Assessment
What does the work look like?
Types of Tasks | Knowledge Base
• Risk Assessment & Gap Analysis
• Risk Management Plan
• Security Policies & Procedures customization
HIPAA Security Rule (45 CFR 164.308)
Policy Design
Control effectiveness, weakness, and vulnerabilities
• Remediation Project Management
• Training Development
Project Management Standard Practices
• Program Monitoring
• Program Reporting
• Ability to translate and provide cogent advice to senior management regarding the impact of emerging industry trends in technology, compliance enforcement, legislation and regulations
• Enforcement
• Auditing & Reassessment of Program Effectiveness
• Working knowledge of management of an effective risk and compliance program, including conducting and documenting investigations
• Addressing violations and monitoring corrective actions
IMPACT TO THE PRACTICE?
Typical compliance manager cost to direct this business function:
• Based on this survey of risk manager salary data, a practice could incur an annual expense of around $86,800.00 for a full-time employee to manage this function.
• This comes out to roughly $7,200.00 a month, assuming the industry average of 120 hours of work effort per month.
THE RISK OF INACTION
OCR monetary penalties for breach violations
Unknowable = $100.00 per record
Reasonable Cause = $1,000.00 per record
Willful Neglect – Correct in 30 days = $10,000.00 per record
Willful Neglect – Failure to Correct = $50,000.00 per record
Cost of Staff time to investigate/recover/resolve
Estimated at $50.00 per record
Potential Criminal and Civil penalties
According to the 2011 Ponemon Study, breached firms lost on average 2.1% of their market value within two days of the public announcement.