HIPAA Blog

[ Friday, May 27, 2011 ]

 

OCR letter: An interesting blog post about OCR's investigative response to a small medical practice that suffered a laptop theft. I'm not particularly surprised by what they're asking for. But what it should highlight is that if you haven't done a Security Risk Analysis (you were required to do it in 2003 and "periodically" update it), you're going to have a hard time explaining that failure if you suffer a breach.

Jeff [11:52 AM]

Comments:
Thanks Jeff! I totally agree that if you don't have a documented risk assessment you have a lot of explaining to do! I appreciate the feedback.

I actually wrote a blog about HIPAA Risk Assessments today on my HIPAA Secure Now! blog

http://www.hipaasecurenow.com/index.php/a-closer-look-at-a-hipaa-risk-assessment/

Thanks again!

Art Gross
 
Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template