[ Monday, January 16, 2017 ]


New Year, Recurring Tasks: It's a new year, so that should get you thinking about two things: reporting any "small" breaches of unsecured PHI that occurred during 2016 (you have until the end of February to do so, using the HHS on-line reporting tool) and planning your next HIPAA risk assessment.  You do that annually, don't you?  Of course you do, maybe not at the beginning of the year, but now's a good time to start planning it.

While you're mapping out your risk analysis and getting your ducks in a row, you might want to consider a slightly larger scope to your risk assessment: don't just look for PHI issues, but look for all data concerns.  In that regard, you might want to consider using both the OCR tools as well as the NIST tools.  In fact, here's a good article making that exact point.  

Jeff [3:22 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template