


HIPAA Risk-Assessment

Conducting Health Insurance Portability and Accountability Act (HIPAA) risk assessments has been required for years, but many small or independent practitioners haven’t bothered because of the burden. The proliferation of practitioners using one or more devices with clinical populations has required an expedited process to relieve complications and burdens related to HIPAA compliance.

Healthcare IT News reported that HHS’s Office for Civil Rights and the Office of the National Coordinator for Health IT have released a “security risk assessment tool” for small and mid-sized entities.  Officials explained, “The tool is designed to help practices conduct and document a HIPAA risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the … HIPAA Security Rule.”  The tool is available as a downloadable mobile app. It also can create a report to be shown to auditors.

With HIPAA, all “covered entities” must “regularly review the administrative, physical and technical safeguards they have in place to protect the security of information.” As HHS staff noted in their recent news release, “By conducting these HIPAA risk assessments, health care providers can uncover potential weaknesses in their security policies, processes and systems.” According to National Coordinator for Health Information Technology Karen DeSalvo, the new tool will meet providers’ needs and goals: “Protecting patients’ protected health information is important to all health care providers and the new tool we are releasing today will help them assess the security of their organizations.”

HHS officials noted that “risk analysis tops the list for where health care entities often make their biggest HIPAA misstep.” Health care data breaches have involved “more than 30 million people [having] their protected health information compromised” and “Organizations have been required to pay $18.6 million in settlement fines. State fines are not included in that estimate.” As we have reported here at the Telebehavioral Health Institute, the most frequently reported target for HIPAA enforcement is private practices. This new tool will simplify and expedite the regular risk assessment task of the private or small group practitioner.
HHS and ONC are asking for comments from users.
