Risk Analysis Workshop – Taking it to the next level


Risk analysis is a critical compliance component for HIPAA, MIPS, PI, MACRA, and PCI DSS. Not sure what all of those abbreviations stand for? Then this workshop is for you!

Through an interactive workshop, group discussions, and hands-on participation, we will educate and train staff on risk management, including assessing and managing cybersecurity risks. In previous workshops and online training, the basic principles of risk analysis were covered and attendees were provided with the tools they needed to complete a basic risk analysis for their practice.

This workshop will start with a high-level review of risk analysis and then dive deeper into risk management and cybersecurity. We will cover what information security documentation is needed to pass a desk audit for HIPAA and to attest to the Merit-based Incentive Payment System (MIPS) and Promoting Interoperability (PI) – formerly “Meaningful Use.” We’ll discuss ways to keep your clinic or practice moving forward with your risk remediation.

Risk analysis and risk management are not going away…

Conduct or review a security risk analysis in accordance with the requirements of 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of ePHI data created or maintained by certified EHR technology in accordance with requirements in 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the MIPS eligible clinician’s risk management process.

Deliverables: Risk analysis profiles/templates for the typical provider organization, template for documenting risk analysis report, checklists for conducting a control analysis, risk analysis reports, risk remediation plans, other sample forms, and additional reference materials as needed

Method of Delivery: Instructor-led delivery with group participation

Length of Presentation: 4 hours (9 AM to 2 PM and includes one hour for a box lunch - provided)

[Optional] There will be an additional 50 minutes after the workshop to provide one-on-one assistance.

Prerequisites: Attendees must have attended a previous risk analysis workshop, viewed the online risk analysis webinar, or have an understanding of the basic fundamentals for conducting a risk analysis.

Videos: Part 1 and Part 2
Please bring your practice/clinic’s risk analysis documents to the meeting for more in-depth help!
Goals of this Workshop:
  • Conduct a risk analysis based upon the SAMPLE risk analysis tools provided
  • Demonstrate how to document risk management activities
  • Identify the top cybersecurity threats and the controls needed to reduce cyber-attack risks
  • Establish new ways to reduce cybersecurity risks to their practice
  • Explain the regulatory requirements for conducting a risk analysis, including the HIPAA Security Rule and the requirements for meeting the Promoting Interoperability (PI) requirement
  • Complete the SRA for the State of Alabama
  • Rationalize why creating a simple business continuity and disaster recovery plan is necessary
  • Find resources for additional information


Presenter information:

Tom Walsh is a Certified Information Systems Security Professional (CISSP) and a nationally recognized speaker and a co-author of four books on healthcare information security. Tom Walsh and his business partners assist organizations throughout the country with their information security programs. Tom has over 26 years of information security experience. In addition to being an independent consultant, Tom has been the “virtual” information security officer for several healthcare organizations.

Tom Walsh, CISSP
Founder and Managing Partner
Overland Park, KS
About tw-Security:

tw-Security has been providing Information Security Risk Analysis services for over 15 years. All of tw-Security’s risk analysis customers that have undergone a Meaningful Use audit have passed the security risk analysis requirement! Therefore, engaging a tw-Security experienced and certified security professional to provide risk analysis education and training with supporting tools to guide your staff and physician practices through this process will bring confidence in compliance.