Beware of Freshly-Minted, Self-Proclaimed HIPAA Risk Analysis Companies! There is still great focus on completing the foundational risk analysis required at 45 CFR §164.308(a)(1)(ii)(A). Here’s today’s big TIP — Select Your Risk Analysis Solution and Provider Very Carefully. Download our HIPAA Risk Analysis Buyer’s Guide Checklist.
HIPAA Risk Analysis Tip – HIPAA Risk Analysis Buyer’s Guide Checklist
Just returning from the 2013 International Association of Privacy Professionals (IAPP) Global Privacy Summit in DC last week, we were privileged to hear the very latest updates from Office for Civil Rights (OCR) officials Director Leon Rodriguez, Deputy Director Sue McAndrew and leaders Linda Sanches and Verne Rinker. The presentations made by the OCR officials at the 2013 IAPP Global Privacy Summit focused on Omnibus Final Rule changes and the summary information from the 2012 OCR HIPAA Audit Program.
In both cases as well as in discussions about the future of the HITECH-mandated audits of Covered Entities and Business Associates, the importance of completing a bona fide HIPAA Risk Analysis was underscored. The 2012 OCR HIPAA Audit findings included a determination that where Covered Entities did have performance audit gaps (not all 115 did), the failure to have complete a risk analysis was pervasive:
- 47 of 59 Providers audited failed to complete an authentic HIPAA Risk Analysis
- 20 of 35 Payors audited failed to complete an authentic HIPAA Risk Analysis
- 2 of 7 Clearinghouses failed to complete an authentic HIPAA Risk Analysis
As had been indicated in previous public speeches and interviews by OCR Officials, they all once again emphasized the importance of completing this core Security Rule requirement and indicated the possibility of risk analyses becoming the area of focus for the next round of audits; this time including Business Associates as well as Covered Entities. That focus on HIPAA Risk Analysis is no surprise since, to date, every Settlement Agreement/Corrective Action Plan entered into by the OCR cites failure to do a real HIPAA risk analysis.
Download HIPAA Risk Analysis Buyer’s Guide Checklist
We are often asked, “How do I go about selecting a reputable firm to complete a bona fide HIPAA Security Risk Analysis?” This HIPAA Risk Analysis Buyer’s Guide Checklist is an easy-to-use tool to assist you in comparing alternative solutions and making your selection.
Other Help Getting Started With Your Bona Fide HIPAA Risk Analysis
Over the years, we’ve helped 100s of organizations complete their HIPAA Risk Analysis. Please benefit from our HIPAA Risk Analysis expertise by:
Please avail yourself of any of these free resources which you may access now by clicking on the links below:
- Risk Analysis Buyer’s Guide
- Expert 2nd Opinion on Your HIPAA Risk Analysis
- Clearwater Compliance White Paper: Risky Business: How to Conduct a Bona Fide HIPAA Security Risk Analysis
- Clearwater Recorded Webinar event entitled How to Conduct a Bona Fide HIPAA Security Risk Analysis
- IRM|Analysis™- Clearwater’s Risk Analysis and Risk Management software DataSheet
- IRM|Analysis™- Clearwater’s Risk Analysis and Risk Management software Free Trial for qualified organizations
- More Risk Analysis Resources
If you’d like to keep up to date on Risk Analysis or HIPAA-HITECH in general, please also consider (all optional!):
- Attending a HIPAA Audit Prep BootCamp™
- Joining our AboutHIPAA LinkedIn Group: http://AboutHIPAALI.org
- Following me: http://www.twitter.com/ClearwaterHIPAA
- Subscribing to our eNewsletter: http://clearwaterc.wpengine.com/resources/newsletters/
- Subscribing to our RSS feed: Clearwater HIPAA Compliance Blog
- Checking our company web site: http://clearwaterc.wpengine.com/
- Attending a HIPAA HITECH live webinar: http://abouthipaa.com/webinars/upcoming-live-webinars/
- Viewing a pre-recorded webinar: http://abouthipaa.com/webinars/on-demand-webinars/
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – Part 5 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - June 5, 2017
- HIPAA Risk Analysis Tip – Part 4 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 29, 2017
- HIPAA Risk Analysis Tip – Part 3 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 21, 2017