C-Suite On Deck
Keep me plugged in with the best
Join thousands of your peers and receive our weekly newsletter with the latest news, industry events, customer insights, and market intelligence.
I agree to the
terms of service
PLEASE CORRECT THE FOLLOWING:
Please Enter Some Keywords
Avoiding Critical Security Risk Analysis Mistakes
Healthcare organizations and their business associates must be careful to avoid making mistakes with their HIPAA security risk analysis in case they ever undergo a compliance review or breach investigation by federal regulators, says privacy attorney Adam Greene. “What I see a lot of – and it’s both sad and frustrating – is that a covered entity or business associate might hire an outside security consultant to do a security risk assessment … but what they end up getting is a gap analysis against the HIPAA Security Rule or another set of controls,” he says in an interview with Information Security Media Group. While a gap analysis can be helpful, “it’s not the sort of risk assessment that the Department of Health and Human Services’ Office for Civil Rights is looking for … if there’s an investigation, audit or breach,” he stresses. What OCR is looking for in a HIPAA security risk analysis “is threat/vulnerability pairings” involving protected health information, he explains.
I'm for real
Enter your email once to access all our information and resources.
(Your email address is required so we know you're a real person)
By downloading this content, you give permission for your contact information to be shared with the content provider who may contact you in regards to the content.