Blog

Blog

HIPAA Risk Analysis

HIPAA Risk Analysis Tip – What Level of Detail is Adequate?

This entry is part 52 of 13 in the series HIPAA Security Risk Analysis Tips

HIPAA Risk Analysis Tip – What Level of Detail is Adequate? Short Answer: Every “asset-threat-vulnerability” combination must be risk-analyzed!  In order to conduct a thorough and accurate risk analysis, it’s imperative to identify the threat sources, threat events and vulnerabilities that might compromise the confidentiality, availability and/or integrity of the health information entrusted to your […]

Read More
HIPAA Risk Analysis

HIPAA Risk Analysis Tip – How Comprehensive Must Your HIPAA Security Risk Analysis Be?

This entry is part 51 of 13 in the series HIPAA Security Risk Analysis Tips

HIPAA Risk Analysis Tip – How Comprehensive Must Your HIPAA Security Risk Analysis Be? Short Answer: All information assets in all lines of business in all facilities and in all locations.  OCR just entered into its 50th Resolution Agreement / Corrective Action Plan with CardioNet, Inc., the 39th case involving ePHI and therefore requiring a […]

Read More
HIPAA Risk Analysis

HIPAA Risk Analysis Tip – Does OCR really use the “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”?

This entry is part 50 of 13 in the series HIPAA Security Risk Analysis Tips

HIPAA Risk Analysis Tip – Does OCR really use the “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”? Short Answer: YES!  As long ago as June of 2005, the Department of Health and Human Services (HHS) began publishing a series of seven security articles providing guidance on the “Security Standards for the Protection […]

Read More
HIPAA Risk Analysis

HIPAA Risk Analysis Tip – May 3rd Webinar with Leon Rodriguez – What OCR Expects in Your HIPAA Risk Analysis

This entry is part 49 of 13 in the series HIPAA Security Risk Analysis Tips

HIPAA Risk Analysis Tip – May 3rd Webinar with Leon Rodriguez – What OCR Expects in Your HIPAA Risk Analysis Join former OCR Director Leon Rodriguez (9/2011-7/2014), now a Partner at Seyfarth Shaw LLP and Bob Chaput, CEO, Clearwater Compliance, on May 3rd at 12 noon Eastern Time for an interactive presentation and discussion of OCR’s emerging […]

Read More
Clearwater Compliance

IF YOU HAVE TO DISCLOSE, LOOK YOUR BEST

Reporting risk factors started in earnest in 2005 when the SEC introduced a new section in annual 10-K reports for organizations to discuss the “most significant factors that make the company speculative or risky.” Specifically, publicly traded companies were required to include qualitative disclosures of risk factors and to update that information quarterly with changes. […]

Read More

OCR is using audits to find risks and vulnerabilities that might not otherwise be known.

Recently at the Privacy & Security Forum, senior advisor Linda Sanches discussed what the OCR will be looking for in the upcoming on-site 2017 audits. Although the likelihood that your organization will be selected are slim, (fewer than the 205 desk audits conducted in 2016), the OCR is hoping to identify risks and vulnerabilities not […]

Read More

Hybrids Beware! You are on OCR’s Radar.

OCR just announced a settlement agreement with the University of Massachusetts-Amherst for a breach of records at its Center for Language, Speech, and Hearing, which was not designated as a covered health care component in its hybridization. UMass is the third hybrid entity in the 43 enforcement actions listed on the HHS website that has […]

Read More

Problems with Paper: Medical Record Mistakes Put Patients at Risk

From cell phone hacks to bank account scams, cybersecurity has become a priority for most people looking to protect their personal information.

Read More

Thousands of professionals trust Clearwater to bring them the latest news and information on Compliance and Cybersecurity Risk Management.

Show Buttons
Hide Buttons