• E-mail
• Print
• RSS

Privacy and security primer: Tips from the August 2014 issue of Briefings on HIPAA

HIM-HIPAA Insider, August 18, 2014

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

1. Get back to basics and pinpoint what risk analysis, assessment, and management truly mean so you can adequately identify current risks and protect your organization from potential breaches.
2. The terms risk assessment and risk analysis are often used interchangeably, but are in fact two different things.
3. A risk assessment is part of an overall risk management program and should be an ongoing process.
4. A combination of checklists, forms, and ongoing walk-around security reviews can often help with an assessment, but won't suffice for your analysis.
5. A risk analysis is more in depth than a risk assessment—but just because it needs to be in-depth doesn't mean you should make it overly complicated.
6. Risk assessment and analysis lead to risk management, and confusing the steps or skipping some of them can be costly.
7. When identifying risks, be aware of all of the federal and state requirements with which healthcare organizations must abide.
8. A risk analysis must be tailored to meet the needs of your organization and should be based on its size, complexity, and capabilities.
9. If making sense of each and every definition and concept in the HIPAA Omnibus Rule seems overwhelming, just remember you're not alone. Your peers in privacy, security, and even IT may be feeling the pressure as well.
10. Although security officers facilitate the risk management process, they must present their findings to senior leaders so the process of implementing or updating controls can be approved.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

• E-mail to a Colleague
• Print
• RSS
• Archive