Archive | July, 2013

HIPAA Risk Analysis Tip – Sage Risk Management Advice from Drucker

How does your organization categorize the risk of not having completed a bona fide HIPAA risk analysis? Summarized, Peter Drucker is reported to have said: “There is the risk you can afford to take, and there is the risk you cannot afford not to take.” Here’s today’s big TIP – Carefully Assess Whether You Can Afford NOT to Complete a Bona Fide HIPAA Security Risk Analysis.


HIPAA Audit Tips – Providers and Health Plans Perform Poorly in HIPAA Audits

Recent data released by the US Department of Health and Human Services Office for Civil Rights (OCR) show that providers account for more than two-thirds of all HIPAA Audit Findings and Observations in seven of the eight categories reviewed, and more than half in the category. Health plans don’t perform well either, accounting for between 25% and 38% of reported findings and observations. Here’s today’s big tip – Go to school on 2012 OCR Audits!


HIPAA Risk Analysis Tips – Open Appeal to Risk Thought Leaders

Admittedly, I may be tilting at windmills here! Consider helping me out. While the wicked “harm standard” is being removed by the Final Omnibus Rule, published in the Federal Register on Friday, January 25, 2013, the confusion around what comprises an authentic risk assessment (known in 45 CFR §164.308(a)(1)(ii)(A) as a Risk Analysis) is perpetuated. Ugh! How does this confusion contribute to organizations becoming and remaining compliant with these regulations? Here’s today’s big ASK – Can We Join Together and Call It Something New – Compromised Assessment or…?!
