About HIPAA Risk Assessments and
Best Practices
One of the key elements of HIPAA
compliance is risk assessment. This
requirement was part of the original HIPAA
privacy rules in 2003. However, it was
bolstered in 2013 with the Final Omnibus
Rule, which extended compliance and
risk assessment regulations to business
associates.
Without conducting risk assessments,
complying with HIPAA rules is near
impossible and exposes you to noncompliance
fines. Fines issued vary
depending on the severity of the breach or
compliance levels. Most HIPAA fines fall
under the ‘willful neglect’ category, which
attracts steep penalties.
With fines of such magnitude on the table,
non-compliance can cost you your business.
When it comes to HIPAA compliance, there
are many regulations to follow, and none
has greater significance than the other.
As such, the best way to ensure you are
compliant at all times is to follow a HIPAA
compliance checklist such as:
• Know which assessments and annual
audits apply to your institution.
• Perform all necessary audits and
assessments and document all
deficiencies after analyzing the results.
• Develop remediation measures and put
them in action. Follow up with annual
reviews and updates when needed.
• Appoint a HIPAA compliance and
security officer.
• Conduct annual HIPAA compliance
training for all staff.
• Document HIPAA training for staff
members and attestation of HIPAA
policies.
• Ensure that business associates are
compliant with HIPAA rules.
• Set out and review processes that allow
your team to report breaches and how
violations are reported to the U.S.
Department of Health and Human
Services Office for Civil Rights (HHS
OCR).
The Importance of HIPAA
Compliance Training for Your
Team
A patients’ PHI contains a large amount of
sensitive information. When such data falls
into the wrong hands, it could have serious
implications for you and them. On the
patients’ side, exposure of such information
may reach their relatives or employers
without their permission. Hackers can
also use such information to impersonate
patients for fraud.
Without conducting risk assessments,
When such data is exposed, your facility
will be liable and can face steep fines. As
such, it is vital to adhere to all HIPAA rules.
However, this is easier said than done.
For your team to achieve and maintain
compliance, they must be aware of the steps
needed to protect patient information. It is
crucial to conduct regular staff compliance
training for HIPAA. Compliance Training
can be best achieved by working with a
reputable institution such as GreyCastle
Security.
How Can GreyCastle Security
Help?
When it comes to HIPAA, it’s all about risk
management, which involves identifying,
controlling, and mitigating risks in the
information system. To ensure clients’
systems are secure, GreyCastle Security
uses a four-phase risk assessment approach.
(See About HIPPA Risk Assessments on page 42)
partners
TOGETHER
complying with HIPAA rules is near impossible
and exposes you to non-compliance fines.
leadingageny.org 21