Gerard Scheitlin is the owner and founder of RISQ Management, a company specializing in product and organizational risk solutions. Before devoting his work full time to RISQ Management, Gerard was an executive leader with an extensive thirty-year background in multiple industries, including Health Care, Information Technology, Automotive, Electronics, and Distribution.
Gerard actively publicizes how a focus on RISQ Management and Business Transformation can achieve sustainable growth. Gerard currently has nineteen publications across multiple media platforms, covering a broad range of topics centered on his RISQ Model. Gerard has been a guest speaker and panelist at a number of nationally accredited symposiums, as well as individual company summits. Gerard has been a guest lecturer at Arizona State University in the School of Biomedical Informatics.
Gerard is passionate about RISQ remediation and process improvement with a 'client-centered' approach that focuses on prevention rather than reaction. Gerard is a Lean Six Sigma Black Belt with Engineering degrees from Purdue University and The University of Alabama.
With 42 CFR Part 2, HIPAA and state regulations all intersecting at TEFCA, managing patient consent is one of the largest risks in the interoperability requirements. This session will discuss how to establish a patient-based consent model that covers the entire spectrum and helps reduce the patient consent risk. The discussion will cover the following topics:
1. The importance of statute redaction and how to compare the various statute changes and differences in a near-real-time fashion
2. Movement from an organizational consent model to a patient-centric model that ensures the consent of the patient is satisfied
3. The advantages of blockchain in the creation of a longitudinal patient consent record
4. Why natural language processing is crucial to developing a patient consent model
5. The advantages of managing consent in a policy format that allows real-time changes to the patient consent
6. TEFCA and how a patient-based consent model satisfies its requirements
Organizations tend to focus on the technical controls for protecting the company's assets and reducing risk. Security Operations Centers, IDS/IPS, vulnerability scanning and other controls are implemented and publicized. The number of implemented controls and the number of standards satisfied become the measures of risk and risk maturity.
Unfortunately, this is not optimal, nor does it keep an organization safe. Organizations need to measure Risk Maturity on a different scale: one that includes People, Processes and Systems as much as the technical controls and compliance certificates.
This session will focus on a Risk Maturity model that covers the entire risk continuum, includes people, processes and systems, and is measurable and definable. This model, which parallels proven risk reduction and quality improvement in manufacturing, will walk organizations through the 2 classes and 5 phases of risk maturity:
Class 1: Risk Control
• Phase 1: Unknown Incident
Something occurs and it can't be fixed because we don't even know it happened.
• Phase 2: Incident Management
A risk manifests itself, somebody creates an incident ticket, and the organization rushes to close the risk and mitigate the impact.
• Phase 3: Protection Control
A risk manifests itself and the organization mitigates the impact before the client is aware or must be notified.
• Phase 4: In-Process Protection
We identify a trend of a risk getting worse, or a new risk emerging, and implement controls before the risk manifests itself.
• Final Phase: Continuous Protection Improvement
There is a culture and a focus by all individuals on identifying and reducing the risk profile on a daily basis.