Is Your Risk Assessment Effective?

The Office of Civil Rights (OCR) is performing more and more HIPAA audits, and every day the news is full of patient data breaches.

We can help your practice stay on top of the latest healthcare news, rules, regulations and trends. Subscribe to stay current and up to date on important matters that will impact your practice. (To subscribe to our blog click here).

How can you protect your practice and avoid getting hit with severe penalties from the government? The best way is to perform a complete and thorough HIPAA Risk Assessment, and to support it with effective training and implementation.

What is a HIPAA Risk Assessment?

A HIPAA Risk Assessment is an analysis of potential risks and vulnerabilities to the confidentiality, availability, and integrity of all protected health information (PHI) that the healthcare provider creates, receives, maintains, or transmits. It is the first step in getting compliant with the HIPAA Security Rule. Complete assessments look at both non-electronic PHI, and electronic protected health information (e-PHI).

Once the security risks are identified, a compliance plan must be developed to manage and mitigate the risks. The plan, which consists of a comprehensive set of policies and procedures, must be carried out by the provider to satisfy OCR requirements.

Many healthcare providers have HIPAA policies and procedures in place, but don’t always follow them. Other providers have outdated policies and procedures in place. These policies and procedures need to be updated and implemented to avoid steep penalties and costly breaches.

Remember, if an investigator comes to your practice, they will look not only at your policies and procedures, but also at your documentation showing compliance with those plans. You will be held responsible for your HIPAA policies, and penalties will be assessed if the policies are out of date or not followed.

When was the last time you had HIPAA training? Is your staff prepared for an investigation?

HIPAA training should take place at least annually. Any and all updates require new training, and new staff must be trained upon hiring.

While a complete HIPAA Risk Assessment may sound burdensome, implementation can save your practice money. OCR fines can be costly, and breaches even more so. Make sure your practice is up to date, and ready for an investigation, before it’s too late.

Risk assessments can help protect your practice from ransomware and breaches.

We can help. Our practice specializes in crafting HIPAA compliance plans and policies that fit your specific needs and goals. We also design and deliver comprehensive HIPAA compliance training programs that ensure you and your employees know the law and how to follow it. Contact us today to get started!

We publish vital information on health law topics and news every Wednesday and Friday. To get this important information delivered directly to your mail box, click here to Subscribe.

Do you need help staying current and compliant with the latest laws, rules and regulations? We can help. To contact us about your new government rules and regulations, your practice’s risk assessment, or about your other legal needs: CLICK HERE.

P.S. If you or your patients are interested in consumer healthcare issues, check out
