Episode 3: Know The Rules! HIPAA Risk Analysis


Did you know?

ALL Business Associates (BAs) are required to perform a HIPAA risk analysis to identify their potential Administrative, Physical and Technical security risks to electronic protected health information (ePHI).

The Administrative Safeguards provisions require BAs to perform risk analysis as part of their security management processes.

The results of the risk analysis will be used to determine security measures reasonable and appropriate for each organization.

A risk analysis process includes, but is not limited to, the following activities:

  1. Evaluate the likelihood and impact of potential risks to e-PHI (45 C.F.R. § 164.306(b)(iv));
  2. Implement appropriate security measures to address the risks identified in the risk analysis (45 C.F.R. § 164.308(a)(1)(ii)(B));
  3. Document the chosen security measures and, where required, the rationale for adopting those measures (45 C.F.R. § 164.306(d)(3)(ii)(B)(1); 45 C.F.R. § 164.316(b)(1)); and
  4. Maintain continuous, reasonable, and appropriate security protections (45 C.F.R. § 164.306(e)).

Covered Entities and Business Associates need to understand that patients are entrusting YOU with their most private and intimate details, and they expect those details to remain secure.

Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?

 


For tips like this and more, request your copy of our “HIPAA Security Rule – Know The Rules!” newsletter today.