Risk analysis is one of four required implementation specifications in the Security Management Process section of the HIPAA Security Rule.
Too often, healthcare organizations are missing the mark on aligning with the Risk Analysis requirements as defined in the HIPAA Security Rule and are running afoul of OCR and regulators in the process. This has led to multi-million-dollar settlements and fines that largely could have been prevented.
Meditology Services serves as a HIPAA Expert Witness firm for OCR and has also advised hundreds of healthcare entities on HIPAA risk analysis and OCR audit response processes. Highlights from the session include:
- OCR enforcement activity updates resulting from HIPAA risk analysis gaps
- Conducting a proper risk analysis in alignment with OCR expectations and HIPAA requirements
- Understanding the difference between a risk analysis and a HIPAA Security Rule gap analysis
- Scoping HIPAA risk analyses to include critical locations and systems where ePHI and PHI reside
- Scaling HIPAA risk analyses and assessments to reflect the size of your organization
- Clarifying the frequency of risk assessment expectations
- Maintaining appropriate documentation to satisfy OCR audits
- Critical questions that must be answered and addressed in risk analysis reporting
- Requirements for risk analysis compliance with CMS Performance Improvement (Meaningful Use) provisions
ITRM Managing Director