HIPAA security risk assessment tip: Follow through
HIPAA Weekly Advisor, May 24, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
You may have heard recently about the need for a security risk assessment.
The HIPAA Security Rule requires this type of assessment. However, many healthcare organizations have never completed a risk assessment, have not kept it up to date, or have failed to address all necessary areas of risk.
Even if your organization has already completed a security risk assessment, HIPAA requires that it revisit the document as part of an ongoing risk management program, said Joseph R. McClure, Esq., a regulatory and compliance principal at HDX Operations, Siemens Medical Solutions USA, Inc.
And you must follow through on your assessment. After completing your risk assessment, your organization needs to identify how it will correct any pinpointed weaknesses. Covered entities (CEs) also need to implement a formalized, documented risk assessment process, says Ruelas.
Editor’s note: The preceding is an excerpt of an article in the April 2010 issue of the HCPro, Inc. newsletter, Briefings on HIPAA.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched