The Office for Civil Rights (OCR), the HIPAA enforcement arm of the U. S. Department of Health and Human Services (HHS) has recently announced alarming results of the Phase 2 covered entity HIPAA compliance audits. 94% failed the risk management audit and 87% failed the risk analysis audit! Every audited covered entity knew well in advance that it was on the short list to be audited, had completed pre-audit questionnaires and knew the exact questions it would be asked and documentation to be provided (audit protocols).
Attend this session to learn how the acts of HIPAA risk analysis – Risk Management, step-by-step, with the steps demonstrated and explained clearly in plain language.
HIPAA Risk Analysis – Risk Management is the basis of your HIPAA compliance program. OCR rightly considers the most serious, most widespread HIPAA deficiency for covered entities and business associates – surpassing all others – is an organization's failure to perform a HIPAA risk analysis and implement a risk management program to address its risks.
The HIPAA rules do not say how to do HIPAA risk analysis – Risk management. OCR's limited 9 page guidance document refers organizations to technical procedures in manuals created by the National Institute of Standards and Technology (NIST) computer security division and geared to "the computer security community". Several federal "Security Risk Assessment Tools" are available, incomplete, cumbersome and have an explicit disclaimer – use of the tool does not guarantee compliance with federal, state or local laws.
However, federal risk analysis – Risk management procedures are easy to follow, step-by-step, when you know the steps. This webinar explains and demonstrates those steps.