How does your organization categorize the risk of not having completed a bona fide HIPAA risk analysis? Summarized, Peter Drucker is said to have said: “There is the risk you can afford to take, and there is the risk you cannot afford not to take.” Here’s today’s big TIP – Carefully Assess Whether You Can Afford NOT to Complete a Bona Fide HIPAA Security Risk Analysis.
Archive | July, 2013
Recent data released by the US Department of Health and Human Services Office for Civil Rights (OCR) show that providers account for more than two-thirds of all HIPAA Audit Findings and Observations in seven of the eight categories reviewed, and more than half in the category. Health plans don’t perform well either, accounting for between 25% and 38% of reported findings and observations. Here’s today’s big tip – Go to school on 2012 OCR Audits!
Admittedly, I may be tilting at windmills here! Consider helping me out. While the wicked “harm standard” is being removed by the Final Omnibus Rule, published in the Federal Register on Friday, January 25, 2013, the confusion around what comprises an authentic risk assessment (known in 45 CFR §164.308(a)(1)(ii)(A) as a Risk Analysis) is perpetuated. Ugh! How does this confusion contribute to organizations becoming and remaining compliant with these regulations? Here’s today’s big ASK – Can We Join Together and Call It Something New – Compromised Assessment or…?!
It’s baaaack! The weekly effort to curate and share articles from multiple disciplines with unique ideas has returned. The concept started as a weekly newsletter that shared selected articles, along with the links and some thoughts on why I liked them. For a variety of reasons, I didn’t maintain the effort. Based on feedback, the […]