This entry is part 29 of 60 in the series HIPAA Security Risk Analysis Tips

On January 2, 2013, HHS posted a news release announcing the settlement agreement and $50,000 settlement amount assessed to Hospice of North Idaho. Here’s today’s big tip: learn 7 key lessons from this event (spoiler alert: completing a MANDATORY risk analysis is included in the list).

HIPAA Risk Analysis Tips – $50K Penalty vs. Does Size Matter?


Yikes! The blogosphere has been lit up by every self-proclaimed (and newly-2013-declared) ‘expert’ about the Hospice of North Idaho-HHS Settlement Agreement Document and Corrective Action Plan (SADCAP, my new acronym!).

Clearwater Compliance has successfully guided dozens of organizations through OCR Audits and Investigations. And this most recent news is a great time to review seven great lessons:

  1. Size doesn’t matter, nor apparently your mission.
  2. There is an ROI on trying.
  3. Trying starts with taking stock of where you currently are.
  4. Taking stock of where you are includes compliance gap assessments (mock audits) AND that HIPAA Risk Analysis that has been required since April 2005… It’s time!
  5. There’s a much higher ROI for spending $50K on good-faith effort than for paying HHS penalties and CAP for a lost laptop. (FYI: 12K laptops a week in the USA go missing!)
  6. You actually can start with much less than $50K and a closed office and still make a meaningful move closer to full compliance.
  7. Let’s work together to keep the money aimed at treating needy patients (good grief, especially hospice patients!) and not into government coffers to fund more enforcement.

Learn More About Doing an Authentic HIPAA Security Risk Analysis…

The HIPAA Security Rule (at 45 C.F.R. §164.308(a)(1)(ii)(A)) requires an initial security risk analysis according to risk analysis guidance issued by HHS/OCR based on NIST standards. The one-of-a-kind Clearwater HIPAA Risk Analysis is guaranteed to simplify that process, immediately identify threats and vulnerabilities and make risk analysis less overwhelming.
OCR Audit Protocols for Risk Analysis are clear! CMS, as planned, has launched audits of organizations who have attested to Meaningful Use Objectives, and Risk Analyses will be audited. Have you completed a bona fide HIPAA Security Risk Analysis?
The subscription fee to the Clearwater HIPAA Risk Analysis™ is based on the size of the organization in an effort to make this powerful tool available to organizations of all sizes.  
OR, call 800-704-3394 X3007 Today!
harnessing risk starts with a bona fide risk analysis

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.