Do you have ePHI data (HIPAA)? Are you conducting your Risk Analysis? Have you developed your Risk Management plan afterwards?

via Guidance on Risk Analysis | HHS.gov

We begin the series with the risk analysis requirement in § 164.308(a)(1)(ii)(A). Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the Security Rule. Therefore, a risk analysis is foundational, and must be understood in detail before OCR can issue meaningful guidance that specifically addresses safeguards and technologies that will best protect electronic health information.

Does your organization need help with this? Contact The Most Interesting Man in IS and let me help you.
