Risk Management Plan

Developing a Risk Management Plan and Implementing New Procedures
A HIPAA risk assessment should reveal any areas of an organization's security that need attention. Organizations then need to compile a risk management plan in order to address the weaknesses and vulnerabilities uncovered by the assessment and implement new procedures and policies where necessary to close Read More →

HIPAA Privacy

Requirements For HIPAA Privacy Risk Assessment
Because the requirement to conduct risk assessments was introduced in the HIPAA Security Rule, many Covered Entities and Business Associates overlook the necessity to conduct a HIPAA privacy risk assessment. According to the HIPAA Journal, a HIPAA privacy risk assessment is as important as a security risk assessment, Read More →

HIPAA Risk Assessment

What a HIPAA Risk Assessment Should Consist Of
The US Department of Health & Human Services (HHS) acknowledges that there is no specific risk analysis methodology. This is due to Covered Entities and Business Associates varying significantly in size, complexity and capabilities. However, HHS does provide an objective of a HIPAA risk assessment – to Read More →

HIPAA compliance

HIPAA Risk Assessment for Covered Entities and Business Associates
The requirement for Covered Entities and Business Associates to conduct a HIPAA risk assessment is not a new provision of the Health Insurance Portability and Accountability Act. The requirement was first introduced in 2003 in the HIPAA Security Rule (45 CFR § 164.308 – Security Management Process), Read More →

HIPAA training

Who should track HIPAA changes in order to provide employee training?
Usually, Privacy and Security Officers assess whether HIPAA training is required. To do this, they should: Regularly monitor HHS and state publications for notice of rule changes. Subscribe to a news feed or other official communication channel. Conduct a risk assessment of new rules Read More →

refresher training HIPAA

Who should track changes to provide HIPAA training?
HIPAA training should be provided when there is a change in operational process or technology, or when new rules or guidelines are issued by the Department of Health and Human Services. Usually, Privacy and Security Officers assess whether HIPAA training is required. To do this, they should: Regularly monitor Read More →

timeframes for HIPAA Training

How often: What are the required timeframes for HIPAA Training?
Actually, neither the Privacy Rule nor the Security Rule mandates specific timeframes. The Privacy Rule states that HIPAA training is required for “each new member of the workforce within a reasonable period of time after the person joins the Covered Entity’s workforce”. Read More →

HIPAA Privacy Rule

HIPAA Privacy Rule Training: Why do you need it and what are the requirements
The HIPAA Privacy Rule and an administrative safeguard of the HIPAA Security Rule set certain mandatory recommendations for training, as HIPAA applies to different types of Covered Entity (CE) and Business Associate (BA). Also, training is recommended for the workforce to carry Read More →

The Privacy Rule

The Privacy Rule: General Principle for Uses and Disclosures
A major purpose of the Privacy Rule is to define and limit the circumstances in which an individual’s protected health information may be used or disclosed by covered entities. A covered entity may not use or disclose protected health information, except either: (1) as the Privacy Read More →

Protected Health Information

HIPAA Privacy Rule: Protected Health Information
The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).” “Individually identifiable health information” is information, including demographic data, that relates Read More →