Provided by: Jennifer Kirschenbaum, Esq.
November 10, 2020
(Click here for an oldie, but goodie, Webinar on Security Risk Assessment)
If there were a year we deserved a pass, it would be 2020, right? No such luck as related to HIPAA. The Office for Civil Rights is kicking reviews into high gear, which means over the next few weeks its time for me to remind you of the obligations coming towards the end of the year related to voluntary disclosures, and also to remind you of the regular obligation (at least annually) to conduct a Security Risk Assessment, which you can do for free, here - https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool.
As a refresher, the Security Risk Assessment Tool is made available by HealthIT.gov and serves as an interactive questionnaire you can use to evaluate your practice's level of HIPAA compliance. The Security Risk Assessment Tool also provides suggested remedies for areas of potential exposure. Assessments by OCR and remediation plans have very consistent patterns. Those who are vigilant and make an effort to comply are less likely to have exposure should a disclosure/breach happen on their watch (which is always a risk). Those who flagrantly disregard and take no effort to comply will be an open target if ever reviewed, and risk much higher penalties for non compliance.
What's involved with the Security Risk Assessment Tool and process? Time. Not too much, but some. Taking the survey and seeing where you have areas of exposure. Those areas of exposure may require your IT team to get involved to build technical safeguards (like, encryption), or your administrators to build physical safeguards (like, passwords), or your legal team to build administrative safeguards (like, policies and/or procedures or assistance with Business Associate Agreements).
(Click here for an oldie, but goodie Webinar on Security Risk Assessment)
If there were a year we deserved a pass, it would be 2020, right? No such luck as related to HIPAA. The Office for Civil Rights is kicking reviews into high gear, which means over the next few weeks its time for me to remind you of the obligations coming towards the end of the year related to voluntary disclosures, and also to remind you of the regular obligation (at least annually) to conduct a Security Risk Assessment, which you can do for free, here - https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool.
As a refresher, the Security Risk Assessment Tool is made available by HealthIT.gov and serves as an interactive questionnaire you can use to evaluate your practice's level of HIPAA compliance. The Security Risk Assessment Tool also provides suggested remedies for areas of potential exposure. Assessments by OCR and remediation plans have very consistent patterns. Those who are vigilant and make an effort to comply are less likely to have exposure should a disclosure/breach happen on their watch (which is always a risk). Those who flagrantly disregard and take no effort to comply will be an open target if ever reviewed, and risk much higher penalties for non compliance.
What's involved with the Security Risk Assessment Tool and process? Time. Not too much, but some. Taking the survey and seeing where you have areas of exposure. Those areas of exposure may require your IT team to get involved to build technical safeguards (like, encryption), or your administrators to build physical safeguards (like, passwords), or your legal team to build administrative safeguards (like, policies and/or procedures or assistance with Business Associate Agreements).
(Click here for an oldie, but goodie Webinar on Security Risk Assessment)
