The Difference Between HIPAA Risk Analysis and Gap Analysis

The terms “HIPAA risk analysis” and “HIPAA gap analysis” are commonly confused because they sound the same, and embody similar concepts. However, the two activities are unique, involve processes that are distinct from each other, and target different components of HIPAA compliance - so it’s important to avoid confusing them. What is a HIPAA Risk Analysis? A HIPAA risk analysis is required under the [...]

2022-05-06T13:36:55-04:00July 29th, 2019|

Six Risk Assessments Fail to Prevent $2.7 Million HIPAA Settlement

Oregon Health and Science University (OHSU) reached a settlement with OCR earlier in July for $2.7 million. The organization had executed six risk analysis over the course of 10 years, but the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) found that those risk assessments did not constitute a sufficient HIPAA compliance plan. This case should be a clear sign to healthcare professionals that merely [...]

2019-10-31T09:39:45-04:00July 21st, 2016|