InfoSec Leadership Institute > Courses > Risk Analysis

Risk Analysis Is The First HIPAA Security Requirement

The Information Security Regulations and Cybersecurity Frameworks require entities to "Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information"

You've Tried Toolkits or Relied on Outside Vendors

In the last 10 years, many more organizations have realized the importance of risk analysis. In healthcare, it was tied to incentive payments with Meaningful Use. Vendors sprung up everywhere to help (including me).

Or maybe you've found checklists or toolkits to do it yourself. And yet, you still don't sleep well at night! You are not sure its enough. Do you really know what the threats and risks are to your data?

Well, What If...

You Finally Had The Confidence and the Plan to Conduct Your Risk Analysis

This course gives you the guidance, the methodologies and the resources and tools to finally have confidence to conduct your own risk analysis

You Could Conduct Your Risk Analysis Without Relying On Outside Vendors

At a fraction of the cost of using an outside vendor, you can conduct your own risk analysis and take the first crucial step towards "Leveling Up" your information security program.

You Knew How To Understand and Document Your Risks So You Can Prevent Disaster

The regulations require you to "know your risks" without guessing or hoping. This course offers a methodical, step-by-step approach and plan to do that so you don't just have to react to the next incident but prevent it from happening.

Meet Your Instructor, Steve Spearman

Steve Spearman has been in the health information technology industry for over 26 years where he began in capital software sales in the electronic health record industry. Steve is a sought after information security executive, speaker and expert on HIPAA, compliance, information security program development and information security frameworks and has spoken to 1000’s of participants from the podium, webinars and as the founding host of the HIPAA Chat podcast.

Steve was the founder of a Health Tech consultancy Health Security Solutions in 2012 which he sold in 2016 to Healthicity. He has served as the VP of Professional Services at a Health Tech company and as the Chief Information Security Officer for a health tech Cancer Analytics firms. 

As an outside consultant, Steve has helped create, develop and run dozens of information security programs in both the health care provider space as well as for 3rd party software and service vendors. 

Steve spoke on “Assessing the Risks of Your Medical Devices” at the 2016 HIMSS conference in Las Vegas, was a speaker and panelist at the Healthcon conference for medical coders and has conducted dozens of webinars attended by 1000’s of participants. Steve was member of the HIMSS Risk Assessment Working Group from 2013 to 2017.

Steve is certified by the (ISC)2 as a Certified Information Systems Security Professional (CISSP) and HealthCare Information Security and Privacy Practitioner (HCISPP).

Introducing...

Level Up: How to Conduct Your Risk Analysis

This course provides a roadmap and tools for organizations and individuals to conduct their own risk analysis. It includes video lessons on:

  • Why Risk Analysis
  • Overview of the Risk Analysis process
  • Selecting Your Team
  • Scoping the Project
  • Interviewing Stakeholders
  • Physical Security and
  • Writing the Report.

In addition it includes the following tools to help you conduct and document your risk analysis:

  • Detailed Risk Analysis Project Plan
  • Tool Kit overview
  • Interview Guidance and Tools
  • Physical Security Questionnaire
  • Report Templates
  • And More...

The Curriculum

  1 - Introduction
Available in days
days after you enroll
  2 - Why Risk Assessment?
Available in days
days after you enroll
  3 - Risk Assessment Processes and Tools
Available in days
days after you enroll
  4 - The Risk Assessment Team
Available in days
days after you enroll
  5 - Scoping the Project
Available in days
days after you enroll
  6 - Documentation Request and Review
Available in days
days after you enroll
  7 - Stakeholder Interviews
Available in days
days after you enroll
  8 - Facility Security
Available in days
days after you enroll
  9 - Technical Controls Assessment
Available in days
days after you enroll
  10 - Risk Assessment Reports
Available in days
days after you enroll

Frequently Asked Questions

When does the course start and finish?

The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.

How long do I have access to the course?

How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.

What if I am unhappy with the course?

We would never want you to be unhappy! Please contact us within 30 days for a full refund.

Are there any prerequisites to enroll?

No. Some background in information technology would certainly be beneficial.

Will I need to purchase any additional materials?

We provide many downloadables and resources that will go a long way in helping you meet the objectives of this course. We may reference outside resources as well but none will be required to complete the course.

This Course is Perfect For You If...

  1. You've Always Struggled With Complying with the Risk Analysis Requirement
  2. You're Ready To Learn How To Conduct Your Risk Analysis
  3. You worry that you haven't done enough to protect your data but aren't sure what you need to do
  4. You are concerned that you "don't know what you don't know" but want to have more confidence in what you do know
  5. You want to take ownership of your information security program and become proactive rather than reactive

Choose a Pricing Option