Call Us Today! 1.800.704.3394|info@clearwatercompliance.com

HIPAA Security Risk Analysis Tips

/HIPAA Security Risk Analysis Tips

HIPAA Security Risk Analysis Tips – Implementation Specification

By |June 3rd, 2011|

This entry is part 1 of 48 in the series HIPAA Security Risk Analysis Tips

The HIPAA Security Final Rule requires all that all Covered Entities and Business Associates (and, soon likely, their sub contractors) complete a Risk Analysis.  The risk analysis requirement is specified in 45 C.F.R. § 164.308(a)(1)(ii)(A) Risk Analysis and is known as an Implementation Specification.  Risk Analysis is one of four Implementation Specifications that are part of […]

HIPAA Security Risk Analysis Tips – Scope

By |June 17th, 2011|

This entry is part 2 of 48 in the series HIPAA Security Risk Analysis Tips

Invariably, in our Live Web Events, we are asked something along the lines: can we just do the Risk Analysis on our EHR system (and not on other systems/media/applications that handle ePHI)?  Here’s today’s big tip – NO!  And, in the words of OCR attorneys at the recent NIST-OCR HIPAA Secuity summit in DC, organizations that narrow […]

HIPAA Security Risk Analysis Tips – Big Picture

By |June 23rd, 2011|

This entry is part 3 of 48 in the series HIPAA Security Risk Analysis Tips

We sometimes refer to a real HIPAA Security Risk Analysis as getting into the “trees and weeds”.  With a rigorous Security Risk Analysis and Management Methodology, it is easy to be swallowed up in these details.  Here’s today’s big tip – Keep an eye on the Big Picture.  Don’t lose sight of your business risk management goals.  Here’s […]

HIPAA Security Risk Analysis Tips – Know the Regs

By |June 30th, 2011|

This entry is part 4 of 48 in the series HIPAA Security Risk Analysis Tips

The HIPAA Security Final Rule, reinforced by the HITECH Act, requires every CE and BA, in accordance with the security standards general rules (§164.306), to have a security management process in place “to implement policies and procedures to prevent, detect, contain, and correct security violations.”  Here’s today’s big tip – Know the letter and the intent of […]

HIPAA Security Risk Analysis Tips – Risk Analysis Methodology

By |July 14th, 2011|

This entry is part 5 of 48 in the series HIPAA Security Risk Analysis Tips

In July 2010, HHS and OCR issued  final “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”.   Security Risk Analysis is not “star wars” technology nor a news flash.  There are many ways to go about it.  OCR frankly doesn’t care what methodology you use as long as your approach incorporates what they identified as nine (9) essential elements in their guidance.  Here’s today’s big tip — Don’t re-invent the wheel!  Follow OCR Guidance and adopt a proven, highly trusted methodology.  Here’s how…

[…]

HIPAA Security Risk Analysis Tips – How to Get Started

By |August 11th, 2011|

This entry is part 6 of 48 in the series HIPAA Security Risk Analysis Tips

I admit that I have become so steeped in HIPAA subject matter, in general, and the process of completing a HIPAA Security Risk Analysis, in particular, that I forgot that many organizations are just starting out.  This post is aimed at getting back to basics.  Here’s today’s big tip – Get a quick baseline education… here’s how…

 

I’m a big […]

HIPAA Security Risk Analysis Checklist

By |August 4th, 2011|

This entry is part 7 of 48 in the series HIPAA Security Risk Analysis Tips

Many organizations are looking for a simple hipaa security checklist to help them complete the HIPAA Security Risk Analysis (per 45 CFR 164.308(a)(1)(ii)(A)) for a variety of reasons.  The two most prevalent reasons are: 1) compliance with the HIPAA Security Final Rule; and, 2) in the case if eligible hospitals and eligible providers seeking Meaningful Use […]

HIPAA Security Risk Analysis Tips – Risk Analysis White Paper

By |September 15th, 2011|

This entry is part 8 of 48 in the series HIPAA Security Risk Analysis Tips

Although HIPAA Security Final Rule required a Risk Analysis be completed and updated by April 2005, many organizations are just getting started.   

It’s not optional!  You must perform a HIPAA Security Risk Analysis (45 C.F.R. § 164.308(a)(1)(ii)(A)).  Forget HIPAA!  Forget the upcoming mandatory HIPAA audits!

If you want to exercise due care in standing up your privacy […]

Clearwater Risk Analysis ToolKit

By |September 8th, 2011|

This entry is part 9 of 48 in the series HIPAA Security Risk Analysis Tips

Regardless of the risk analysis methodology employed, your work must include these elements, HHS / OCR provided final guidance on completing a HIPAA Security Risk Analysis (45 C.F.R. § 164.308(a)(1)).  Regardless of methodology (and some don’t make the grade!), HHS/OCR cites nine (9) essential elements that must be included in your risk analysis.  Here’s a […]

HIPAA Security Risk Analysis Tips – Present Security Controls

By |September 1st, 2011|

This entry is part 10 of 48 in the series HIPAA Security Risk Analysis Tips

 

One of the sub-steps, if you will, in completing the Risk Determination step as part of doing a HIPAA Security Risk Analysis (45 CFR 164.308(a)(1)(ii)(A)) is to Document Present Security Controls.  Here’s today’s big tip — Use the security controls bible!  Read more…

[…]