The HIPAA Security Rule not only requires the completion of a periodic risk analysis, it requires that action be taken to address risks. HIPAA requires that organizations have a risk management plan in place that includes the implementation of security measures that are sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
Risk management is not only required, it is also one of the key areas covered by OCR’s Phase 2 Audits. Auditors will look not just for policies and procedures on the risk management process, but also for the specific details of how risk will be managed, by whom, and how often, along with documentation of management’s acceptable level of risk. Organizations must provide evidence that security measures have been implemented as a result of that risk analysis and that those measures are sufficient to mitigate or remediate identified risks to an acceptable level according to the risk rating.
Do you need help developing a plan to respond to your organization’s risk to sensitive information? Learn how Clearwater’s risk analysis software, IRM|Analysis™, can help your organization facilitate and document a complete risk action plan to drive accountability for taking steps to reduce risks to an acceptable level.
This session is offered as a 75-minute webinar using the GoToWebinar platform. The open format encourages questions during and after the session. Attendees will receive the presentation materials.
- The HIPAA Security Rule requirement for risk response and risk management
- The NIST approach to risk response
- How IRM|Analysis™ enables a bona fide risk analysis and risk response process
- How IRM|Analysis™ enables informed security investments providing the highest ROI
Date & Time
October 25, 2016
11 am – 12.15 pm CT