HIPAAKTR

Episode 11: Know The Rules! Business Associates HIPAA Security Risk Analysis


Did you know?

All Business Associates (BAs) are required to perform a risk analysis to identify their potential administrative, physical and technical security risks to PHI.

Required and Addressable Implementation Specifications

Covered Entities (CEs) and BAs are required to comply with every Security Rule “Standard.” However, the Security Rule categorizes certain implementation specifications within those standards as “addressable,” while others are “required.” The “required” implementation specifications must be implemented.

The “addressable” designation does NOT mean that an implementation specification is optional. However, it permits CEs and BAs to determine whether the addressable implementation specification is reasonable and appropriate for that CE or BA. If it is not, the Security Rule allows the CE or BA to adopt an alternative measure that achieves the purpose of the standard, if the alternative measure is reasonable and appropriate (45 C.F.R. § 164.306(d)).

Covered Entities and Business Associates need to understand that their patients are entrusting them with their most private and intimate details, and they expect that information to remain secure!

Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to their risks?


For tips like this and more, request your copy of the “HIPAA Security Rule – Know The Rules!” Newsletter today, and learn more about our FREE monthly webinar.