A Security Risk Analysis may seem like just another compliance requirement, but it makes good business sense as well.
Physician practices, clinics and small businesses that qualify as Business Associates under the new HIPAA Omnibus Final Rule are under tremendous pressure to meet very stringent compliance requirements as of September 23, 2013, when many of the enforcement provisions kick in. Perhaps most daunting and confusing is to complete a Security Risk Analysis, which is a foundational requirement of the HIPAA Security Rule.
While it may seem unfair and frustrating, the risk analysis requirement makes a lot of sense. It provides you with a “big picture” view on what actions are the most critical and therefore cost effective for protecting electronic Protected Health Information (ePHI). While completing a Security Risk Analysis for larger health care providers and BAs typically will require the expertise and “hands on” assistance from security professionals, many small practices and businesses can accomplish this on their own using tools and resources that are freely available from HHS and other organizations. The key is making sure you meet the requirements for a proper risk analysis, which were published by the OCR in July 2010.
On September 5, we are hosting a webinar specifically designed for smaller health care providers and business associates that need to complete a HIPAA risk analysis. We’re not going to spend a lot of time outlining all the section and subsections of the Security Rule. Instead, we will provide practical information and advice that your staff or IT professional needs to know and a clear roadmap to meeting compliance requirements.
Latest posts by EHR 2.0 (see all)
- Trump Administrations’ Effect on Healthcare Organizations - January 23, 2017
- HIPAA Fine for Lack of Timely Breach Notification - January 11, 2017
- HIPAA Compliance 2016 Year in Review - January 9, 2017