This entry is part 25 of 48 in the series HIPAA Security Risk Analysis Tips

The National Institute of Standards and Technology (NIST) has published Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments. Of course, HHS/OCR Guidance on completing a Risk Analysis points to and relies on the NIST Security Framework. Here’s today’s big tip: Learn to do a HIPAA Risk Analysis the right way!

 

Read NIST SP800-30

In an October 2011 post, we provided an update on how Special Publication 800-39 superseded the original Special Publication 800-30 as the source for guidance on risk management. Special Publication 800-30 has been revised to provide guidance on risk assessment as a supporting document to Special Publication 800-39.

This brand new SP800-39 publication takes over the “big picture” view of the overall four-step Risk Management process.

The new SP800-30 Revision 1 focuses on risk assessment, step one in the risk management process.

As required by the HITECH Act, the Office for Civil Rights has issued final “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” (July 2010). We advise all Covered Entities and Business Associates to review the Final Guidance and become familiar with the applicable standards and implementation specifications.

Check out the Clearwater HIPAA Security Risk Analysis ToolKit™ to jump-start your program.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

Please avail yourself of any of these free resources which you may access now by clicking on the links below:


Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.
 