OCR letter: An interesting blog post about OCR's investigative response to a small medical practice that suffered a laptop theft. I'm not particularly surprised by what they're asking for. But what it should highlight is that if you haven't done a Security Risk Analysis (you were required to do it in 2003 and "periodically" update it), you're going to have a hard time explaining that failure if you suffer a breach.

Jeff [11:52 AM]

Thanks Jeff! I totally agree that if you don't have a documented risk assessment you have a lot of explaining to do! I appreciate the feedback.

I actually wrote a blog about HIPAA Risk Assessments today on my HIPAA Secure Now! blog.


Thanks again!

Art Gross
