How to do HIPAA Risk Analysis and Risk Management Step-by-step

Total Seats: 500

Date and Time:

May 1, 2024 10:00 AM PDT - 11:30 AM PDT



The HIPAA Rules require Covered Entities and Business Associates to do Risk Analysis and Risk Management (RA-RM) but do not explain how to do them. This webinar clearly explains how to follow OCR’s advice to use Risk Analysis – Risk Management procedures developed by the National Institute of Standards and Technology (NIST). We lay out each step of the NIST RA-RM process and show how the steps fall neatly into three parts, concluding with an easy-to-follow demonstration. You will receive a handout illustrating all the steps. HIPAA RA-RM is easy to do step-by-step – when you know the steps.


Failure to do HIPAA RA-RM puts your organization in grave danger. This webinar will show you how to do a complete HIPAA RA-RM step-by-step and how easy it is to follow those steps when they are explained. You should attend this webinar to learn why you must worry about not doing a HIPAA RA-RM properly – and how you can stop worrying by simply doing a HIPAA RA-RM as required every year.


  • OCR Guidance – Risk Analysis and integrated Risk Management process
      – OCR Reliance on NIST Procedures; the standard for best practices
      – NIST Sources: HIPAA RA-RM and NIST Risk Management Framework
  • OCR Audit – National Crisis – Widespread Failure to do RA-RM
      – Inexcusable, Unnecessary, and Dangerous
  • OCR/NIST HIPAA RA-RM Process explained simply (It’s just a 3-Act Play)
      – Act 1: Setup – Risk Analysis. Assemble Information – Identify, Document, and Assess level of Risks
      – Act 2: Confrontation – Risk Management – Documented Actions to Manage Risks
      – Act 3: Resolution – Risk Management Program – Focused on your Organization’s Risks – Documented and Active
  • How to do OCR/NIST RA-RM demonstrated Step-by-Step


  • Practice Managers – Covered Entities
  • HIPAA Compliance Officials – Privacy and Security Officers
  • Patient Engagement Officials
  • Health Information Technology Supervisors
  • Risk Managers – Covered Entities
  • Health Care Providers practicing as individuals or in small groups
  • Group Health Plan Administrators
  • Third-Party Group Health Plan Administrators
  • Covered Entity Senior Management and Owners
  • Attorneys for Covered Entities – In-house and Outside Counsel
  • Compliance Committee – Covered Entity Board of Trustees
  • C-Suite Executives – all Covered Entities
  • Chief Compliance Officer – all Covered Entities


Paul R. Hales, J.D. is widely known for his ability to explain HIPAA compliance clearly in plain language. Paul is a graduate of Columbia University Law School, a Senior Counselor of the Missouri Bar, and licensed to practice before the Supreme Court of the United States. He manages an international HIPAA privacy and security practice and is the author of all content in The HIPAA E-Tool® with separate editions for Covered Entities, Business Associates, Health Plans, and Third Party Administrators.


Attendees may cancel up to two working days before the course start date and the refund will be processed within two working days.

We will provide a refund if the webinar is canceled. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange. Webinars may be canceled due to a lack of enrolment or unavoidable factors. Attendees will be notified 24 hours in advance if a cancellation occurs. Substitutions can happen anytime.

If you have any concerns about the content of the webinar and are not satisfied, please contact us at care@thecomplyguide.com.
