Episode 6: Know The Rules! Establishing Your Security Management Process

Every Business Associate (BA) that creates, receives, maintains, or transmits protected health information (PHI) is required to perform a comprehensive organization-wide HIPAA Risk Analysis (per §164.308(a)(1)(ii)(A)).

This includes establishing and maintaining an effective Security Management Process, which is not only a requirement but also a critical and necessary activity for the protection of ALL of your patients’ PHI.

Today, we focus on HIPAA Security Risk Analysis from three distinct areas. They are:

  1. Business Risks: determine your level of risk tolerance and the likelihood of occurrence.
  2. Patient Safety: securing the PHI is patient care. Errors could occur, including risk to patient care from lost or changed data, or a harmful drug interaction.
  3. Adhere to regulatory compliance.

Each of these areas may carry a higher risk level for different individuals. However, each organization must evaluate ALL possible risk areas and their effects in its environment.

Covered Entities and Business Associates need to understand that patients are entrusting them with their most private and intimate details, and they expect those details to remain secure.

Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?




