Webinar Duration: 60 minutes
RECORDED: Access recorded version only for one participant; unlimited viewing for 6 months (Access information will be emailed 24 hours after the completion of payment)
SPEAKER: Michael McCoy
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It has been called the most comprehensive data protection law to date. For US businesses that do work with the EU, welcome to the HIPAA of business data privacy protection.
Known as GDPR, this law pairs vague compliance guidelines with tough breach notification requirements and heavy fines. Join us to discuss the measures required to comply with this and other national and international regulations. First, we will discuss the data collected by an organization: is it really necessary for business requirements, or is it just the way we’ve always done things? A detailed and documented analysis needs to take place so that you collect and store only the information required to accomplish your business purposes. Next up is vendor management. Know your vendors, and know your vendors’ security.
You are the responsible party under GDPR to ensure your vendors are compliant. The majority of our discussion will address reasonable and appropriate security based on the level of risk for your business. Starting with a comprehensive risk analysis, we will discuss how to determine where your security controls are adequate and where you need additional protection. For the most part, monitored systems are going to be key to compliance: intrusion detection, review of audit logs, and good security practices.
Basically, a good security framework using appropriate controls and monitoring. Compliance is much more than a checklist, so be aware of compliance by design: your organization will need comprehensive implementation of security controls after a thorough review of all systems and dangers to your data, based on the type of data, the methods of storage and transmission, and who you are using to aid you in your organization’s goals.
Why should you Attend: Doing business in the EU? GDPR is the most comprehensive data protection law on the planet. There are massive fines for violation, especially for companies that do not have Security Plans and implementation of the proper security measures in place. Even if you do not do business in the EU, get a head start on data privacy protections coming to the US that will be enforced by the Federal Trade Commission.
Data privacy is an important topic, and most businesses are not sure whether their IT company is trying to make more profit or recommending security measures that are required. We will go over what is appropriate and reasonable in a manner that will allow you to apply it to your small, medium or large business. We will discuss vendor management and the due diligence required to reduce your risks under GDPR.
GDPR is said to have very vague requirements, but security frameworks can be implemented to protect your business based on sound security practices. Attend our webinar to learn more about how you can protect the privacy of your customers.
Areas Covered in the Session:
– Who is Covered by these Regulations
– Basic Security Measures
– Required Risk Analysis
– Vendor Management
– Data Minimization
– Security Programs
– Breach Response Requirements
– Required Due Diligence
Who Will Benefit:
– IT Specialists
– Vendors to Covered Companies
Michael McCoy is the managing partner of HITECH Compliance Associates. He has been helping small to large medical practices and business associates manage their HIPAA compliance requirements. After spending 23 years in the medical field, managing outpatient radiology facilities, Michael has dedicated the last eight years to understanding and simplifying government regulations as they relate to patient privacy rules.
Mr. McCoy is a graduate of Florida State University where he studied auditing and psychology. As a HIPAA compliance consultant, Michael is an expert in performing comprehensive risk assessments and developing risk management plans that result in a step by step compliance plan. The risk assessment is foundational, and Michael and his team use the information gathered from the risk assessment to build all documentation the practice needs for HIPAA compliance. Highly acclaimed for his training classes, Michael has trained tens of thousands of staff members in person and has over 75,000 online trainees.
Michael attends the yearly HIPAA Security Conference hosted by the Office for Civil Rights and the National Institute of Standards and Technology (NIST). This yearly meeting with the agency officials who write the HIPAA guidelines and perform enforcement and audits gives him insights into what your office needs to prioritize and how to help you and your staff meet HIPAA’s requirements. Protecting patient privacy is more important today than ever, as cybercriminals want access to patient information. Michael will help your office implement the reasonable and appropriate security standards that are required by HIPAA and necessary to protect your patient records from being stolen or held for ransom.