Health Information Compliance Alert
Is A Complete Security Risk Analysis Optional For Small Providers?
Question: As a very small healthcare provider, do we really need to conduct an in-depth risk analysis?
Answer: The idea that a security risk analysis is optional for small providers is a myth, according to the HHS Office of the National Coordinator for Health Information Technology (ONC). All providers who qualify as covered entities (CEs) under HIPAA must perform a risk analysis. And you must conduct one if you want to receive EHR incentive payments.
You can perform the risk analysis yourself using self-help tools; you don’t necessarily need to outsource the task, ONC says. “However, doing a thorough and professional risk analysis that will stand up to a compliance review will require expert knowledge that could be obtained through services of an experienced outside professional.”
Remember: You don’t need to use any specific method, ONC notes. “A risk analysis can be performed in countless ways.” To get started, try using the Security Risk Assessment Tool at
.
Health Information Compliance Alert
- HIPAA Compliance:
HIPAA In 2015: Prepare Yourself For 5 Big Trends
Prediction: State law claims will continue to facilitate breach lawsuits.
What does 2015 [...] - Meaningful Use:
Good News: CMS Feels Your MU Pain
But don’t expect to escape payment penalties if you’re noncompliant. The Centers for Medicare & [...] - Case Study:
How To Handle Employee 'Snooping' HIPAA Breaches
Follow these tips to protect yourself when terminating peeping employees. You know what curiosity did [...] - Reader Question:
Is A Complete Security Risk Analysis Optional For Small Providers?
Question: As a very small healthcare provider, do we really need to conduct an in-depth [...] - Reader Question:
Do We Really Need Both Anti-Virus And Anti-Malware Software?
Question: Does our practice need to have both antivirus and anti-malware software? What’s the difference [...] - Reader Question:
How Can You Know Whether mHealth App Is HIPAA Compliant?
Question: Our practice would like to start using a mobile health app to engage our [...] - Enforcement News:
Warning: Laptops Used In The Field Are At High Risk
Plus: You’ll pay big for improperly dumping patient files. Just because a laptop is password-protected [...]
