HIPAA Compliance
OCR Issues Draft Guidance on Security Risk Analysis

May 12, 2010 · Security

On May 7, 2010, the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) issued its Security Rule Draft Guidance on Risk Analysis. This is the first in a “series of guidance documents [that] will assist organizations in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. The materials will be updated annually, as appropriate.”

This eight-page document is available online.

The Draft Guidance on Risk Analysis makes the following key points:

“The Security Rule does not prescribe a specific risk analysis methodology, recognizing that methods will vary dependent on the size, complexity, and capabilities of the organization.  Instead, the Rule identifies risk analysis as the foundational element in the process of achieving compliance, and it establishes several objectives that any methodology adopted must achieve….

“The risk analysis process should be ongoing.  In order for an entity to update and document its security measures ‘as needed,’ which the Rule requires, it should conduct continuous risk analysis to identify when updates are needed….

“Risk analysis is the first step in an organization’s Security Rule compliance efforts.  Risk analysis is an ongoing process that should provide the organization with a detailed understanding of the risks to the confidentiality, integrity, and availability of e-PHI.”

OCR requests public comment on the Draft Guidance on Risk Analysis, which can be sent to OCRPrivacy@hhs.gov.


© 2023 · hipaa.com