How To Do A HIPAA Risk Assessment – Part 1

The Office of Civil Rights (OCR) is performing more and more HIPAA audits. How can you avoid getting hit with severe penalties from the government? The best way is to perform a complete HIPAA Risk Assessment, and to follow through with training and implementation.

Find out how to get compliant, and stay compliant, in this multi-part series.

We can help your practice get up to date and prepared to minimize breach risks from third-party vendors. Subscribe to stay current and up to date on important matters that will impact your practice.

First, what is a HIPAA Risk Assessment?

A HIPAA Risk Assessment is an analysis of potential risks and vulnerabilities to the confidentiality, availability and integrity of all protected health information (PHI) that the healthcare provider creates, receives, maintains, or transmits. It is the first step in getting compliant with the HIPAA Security Rule. Complete assessments look at both non-electronic PHI and electronic protected health information (e-PHI).

Once the security risks are identified, a plan must be developed to manage and mitigate the risks. The plan, in the form of policies and procedures, must be carried out by the provider to satisfy OCR requirements.

Many healthcare providers have HIPAA policies and procedures in place, but don’t always follow them. Other providers have outdated policies and procedures in place. These policies and procedures need to be updated and implemented to avoid steep penalties and costly breaches.

Remember, if an investigator comes to your practice, they will look not only at your policies and procedures, but also at your documentation showing compliance with your policies and procedures. You will be held responsible for your HIPAA policies, and if the policies are out of date or not followed, penalties will be assessed.

When was the last time you had HIPAA training? Is your staff prepared for an investigation?

HIPAA training should take place at least annually. Any and all updates require new training, and new staff must be trained upon hiring.

While a complete HIPAA Risk Assessment may sound burdensome, implementation can save your practice money. OCR fines can be costly, and breaches even more so. Make sure your practice is up to date, and ready for an investigation, before it’s too late.

We help our clients plan and conduct audits, and we can help you create and implement a HIPAA compliance plan. Contact us today!

Come back next week for Part 2 of this series.

We publish vital information on health law topics and news every Wednesday and Friday. To get this important information delivered directly to your mailbox, subscribe to our blog.

P.S. If you or your patients are interested in consumer healthcare issues, check out myhealthspin.com.

 
