How to do a HIPAA Risk Analysis

Overview:

This lesson is designed to enable your Organization to perform a complete Risk Analysis of all PHI it creates, receives, maintains or transmits in any format. You will understand and identify threats, vulnerabilities and risks to your organization's PHI wherever it is located.

• Explain HIPAA Risk Analysis clearly and simply for staff of Covered Entities and Business Associates tasked with doing a HIPAA Risk Analysis who are not members of "the computer security community"
• Clarify and follow NIST methods without confusing jargon and complexity
• Cover Risk Analysis of all PHI - not just electronic PHI
• Demonstrate an interactive, intuitive method for completing the Risk Analysis and creating a Risk Management Program to help you jump start compliance

• HIPAA Rules do not explain how to do a Risk Analysis
• HHS provides 9 pages of guidance, published in 2010 that "is based on recommendations of the National Institute of Standards and Technology (NIST)" However, the lengthy, complex NIST recommendations cited by HHS are highly technical and specifically geared to "the computer security community"
• A "Security Risk Assessment Tool", designed only for small medical practices, is available at HealthIT.gov but does not cover the HIPAA Privacy Rule and carries the express warning, "Use of this tool is neither required by nor guarantees compliance with federal, state or local laws"

• HIPAA Risk Analysis Importance Explained
• HIPAA Risk Analysis Explained In A Clear Concise Step-by-Step Process
• The Elements OF A Complete HIPAA Risk Analysis - All PHI
• Creating Your HIPAA Risk Management Program Directly From Your HIPAA Risk Analysis

• HIPAA Compliance Officials
• Marketing - Patient Relations Manager
• Health Care Practice Manager
• Risk Manager - Compliance Manager
• Information Systems Manager
• Legal Counsel