[ Friday, May 27, 2011 ]
OCR letter: An interesting blog post about OCR's investigative response to a small medical practice that suffered a laptop theft. I'm not particularly surprised by what they're asking for. But what it should highlight is that if you haven't done a Security Risk Analysis (you were required to do it in 2003 and "periodically" update it), you're going to have a hard time explaining that failure if you suffer a breach.Jeff [11:52 AM]
Comments:
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template
Thanks Jeff! I totally agree that if you don't have a documented risk assessment you have a lot of explaining to do! I appreciate the feedback.
I actually wrote a blog about HIPAA Risk Assessments today on my HIPAA Secure Now! blog
http://www.hipaasecurenow.com/index.php/a-closer-look-at-a-hipaa-risk-assessment/
Thanks again!
Art Gross
Post a Comment
I actually wrote a blog about HIPAA Risk Assessments today on my HIPAA Secure Now! blog
http://www.hipaasecurenow.com/index.php/a-closer-look-at-a-hipaa-risk-assessment/
Thanks again!
Art Gross
