Skip to content

Webinar: Security Risk Analysis for HIPAA Covered Entities and Business Associates

  • Have you identified the e-PHI within your practice? This includes e-PHI that you create, receive, maintain  or transmit?
  • What are the external sources of e-PHI? For example, do vendors or consultants create, receive, maintain or transmit e-PHI.
  • What are the human, natural, and environmental threats to information systems that contain e-PHI?
  • Do you want to attest for an EHR incentive program by completing your security risk analysis?

Many health care organizations and their business associates understand they are not meeting the HIPAA compliance requirements for risk analysis and they are concerned this could result in stiff fines and penalties.

  • Do I have to hire an outside security consultant to perform a risk analysis?
  • How can I make sure they focus on the core requirements to protect ePHI and a possible OCR audit, without breaking our budget or requiring an inordinate amount of time?
  • Are there resources available that our team can use that do not require someone with a security background?

The primary objective of this 60-minute webinar is to help organization identify the key vulnerabilities in ePHI and EHR systems by reviewing the steps required to complete the security risk analysis which will help comply with HIPAA Security rule requirements.  In addition, one of the Meaningful Use (MU) core objectives for eligible professionals and hospitals is to conduct thorough technical risk analysis of EHR and ePHI systems.

Keith Mattox, CISSP, PMP, is a senior consultant in at Clinical Security, LLC. Mr. Mattox has ten years’ experience as a consultant providing information security and compliance solutions at the enterprise and division level. As a program manager with 25 years of IT experience, he has led the development and implementation of information security and compliance programs for financial institutions, pharmaceutical companies, healthcare organizations, electric utilities, and government entities.   has worked with many clients to refine and formulate policies that clearly state desired behavior and accountability objectives in order meet organizational goals and mitigate risk. Prior to joining CTG, Mr. Mattox served as a security consultant for a de novo internet bank and as the information security manager with over 450 branches. He is based in Raleigh, North Carolina.

Topics covered:

1)      Importance of security risk assessment

2)     Identify all the ePHI devices

3)     Providing  a clear method to complete a risk analysis

4)     Identify the top security threats and vulnerabilities to ePHI — and what you will need to do to protect your organization

5)     Pre and post payment audits by CMS and OCR audit procedures


  • Access to recorded webinar and presentation material
  • Continuous education credit
  • Sample Security Risk Analysis Report

Date:  September 5, 2013

Time:  12 noon EST

Duration:  60-Minute(approximate)

Cost: $49


"The content of the slides puts the information into a logical flow …The commentary that accompanied the slides was also good explanations of what is out there and what can be expected"
Margaret C.
CHC, Corporate Compliance Officer

To learn more about our upcoming webinars, visit

Upcoming Events