Survey Says: Majority Missing Key Piece of HIPAA Compliance

A recent poll of webinar attendees found that barely one-third may be HIPAA compliant, based upon responses to a single question. Conducting an annual Security Risk Analysis is one of the foundational requirements of HIPAA compliance. Still, only 33.5 percent of 146 respondents answered affirmatively to the question, “Have you completed your HIPAA Risk Analysis for this year?” The poll was conducted [...]

June 3rd, 2022

HIPAA SRA Requirements: Conduct Ongoing, Continuous Risk Analyses

The question is asked of HIPAA subject matter experts with an almost maddening frequency: “How often do I need to conduct a HIPAA Security Risk Analysis (SRA)?” In 2010, the Department of Health and Human Services’ Office for Civil Rights issued guidance on the topic. The guidance did not spell out how often the analysis is to be performed. Yet, the guidance [...]

March 1st, 2022

Completing Your Annual HIPAA Risk Assessment Before the Deadline

You must complete a HIPAA risk assessment each year, and now is the time to do so. Conducting an annual HIPAA risk assessment is an important part of compliance, as well as being integral to protecting your business against breaches. This is because risk assessments reveal vulnerabilities, threats, and risks to protected health information (PHI), thus uncovering deficiencies in your current security practices. [...]

November 19th, 2021

Everything You Need to Know About HIPAA Security Risk Assessments

It’s that time of year when you should be preparing for your annual HIPAA security risk assessment. As the year comes to a close, the last thing you want to worry about is meeting the risk assessment deadline. So why delay the inevitable when you can avoid the end-of-year rush by completing your risk assessment now? Now that you’re ready to get started, learn [...]

October 13th, 2021

5 Tips on How to Complete a Risk Assessment

Are you worried about completing your HIPAA risk assessment? Many organizations are. To provide you with guidance, 5 tips on how to complete a risk assessment are discussed.

1. Educate yourself on the HIPAA Security Rule
2. Identify risks and vulnerabilities
3. Create and implement remediation plans
4. Use a risk assessment tool
5. Repeat annually

How to Complete a Risk Assessment

Completing your [...]

April 15th, 2021

$5.1 Million Fine Announced for HIPAA Data Breach

The Department of Health and Human Services (HHS) Office for Civil Rights has entered into a settlement with the Excellus Health Plan, under which Excellus has agreed to pay $5.1 million and to enter into a corrective action plan. The settlement was prompted by an OCR investigation that found widespread noncompliance with provisions of the HIPAA Privacy and Security Rules. As a result of the noncompliance, the data [...]

January 15th, 2021

Why You Should Complete an SRA Now Even If You Qualify for a MIPS Exception

CMS recently announced that under certain circumstances, healthcare providers are exempt from the requirement to complete a security risk analysis (SRA), while remaining eligible to benefit from the MIPS Quality Payment Program. However, healthcare providers must still complete an SRA to satisfy HIPAA requirements. So even if you qualify for the MIPS SRA exemption, you will still need to meet the HIPAA SRA requirement. Why you should complete [...]

October 19th, 2020

New OCR Guidance on Completing a Risk Assessment

Recently, to provide HIPAA covered entities and business associates with assistance in completing their risk assessments, the Office for Civil Rights (OCR) released guidance. The OCR guidance lays out a detailed list of IT asset inventory steps that should be taken when completing a risk analysis. More details on the OCR guidance are discussed below. Compliancy Group offers clients a full HIPAA [...]

August 27th, 2020

HIPAA and Risk Assessment: Is a HIPAA Risk Assessment Mandatory?

Recently, many organizations have begun to wonder if a risk assessment is mandatory. This is due in part to misinformation on some websites that claim that a HIPAA mandatory risk assessment is not actually mandatory. The question of whether a HIPAA risk assessment is mandatory is answered below.

HIPAA and Risk Assessment: HIPAA Mandatory Risk Assessment

Is a HIPAA risk assessment mandatory? The Health Insurance Portability and Accountability Act (HIPAA) [...]

May 1st, 2020

HIPAA Settlement Reached with Gastroenterological Sole Practitioner

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued the first HIPAA settlement for 2020. Steven A. Porter, M.D., a gastroenterological sole practitioner, has agreed to pay $100,000 to the OCR for HIPAA violations. On November 21, 2013, Steven A. Porter, M.D. filed a breach report with the OCR claiming that their business associate (BA), Elevation43, was withholding the Practice’s [...]

March 3rd, 2020