Although the HIPAA Security Final Rule required that a Risk Analysis be completed and updated by April 2005, many organizations are just getting started.

It’s not optional!  You must perform a HIPAA Security Risk Analysis (45 C.F.R. § 164.308(a)(1)(ii)(A)).  Forget HIPAA!  Forget the upcoming mandatory HIPAA audits!

If you want to exercise due care in standing up your privacy and security risk management program, a risk analysis is one of the foundational steps.  Don’t wait!

Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.

As required by the HITECH Act, the Office for Civil Rights has issued final “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” (July 2010).  We advise all Covered Entities and Business Associates to review the Final Guidance and become familiar with the applicable standards and implementation specifications.

Wanna be even more hip on HIPAA? Learn more…

Please avail yourself of any of these free resources which you may access now by clicking on the links below:


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.