December 8, 2016. The National Institute of Standards and Technology has published a new Interagency Report, dated November 2016, entitled: Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy, that has implications for achieving safeguard compliance in healthcare. The Report highlights the importance of risk analysis, which serves as the foundation in HIPAA and Meaningful Use healthcare privacy and security policies of identifying threats and vulnerabilities to electronic protected health information and mitigating them by implementing a security management program. The Report states:
Ed Jones, CEO of HIPAA Integrity discussing the importance of both Covered Entities and Business Associates conducting a Risk Analysis. The Risk Analysis is the first step towards HIPAA Compliance.
Our First Webinar Covers: Conducting a Risk Analysis.
Protected health information (PHI) must be secured under HIPAA and HITECH Act regulations, and covered entities and business associates are required to demonstrate compliance by conducting a risk analysis and implementing safeguard policies and procedures. The penalties for noncompliance are severe and enforcement is conducted not only at the federal level, but also by state attorneys general under the HITECH Act.
We commend to your attention an important article that appears in a June 13, 2014, Healthcare IT News posting: “Security tips from the health IT pros,” which is available online at: http://www.healthcareitnews.com/print/80616. This article has useful advice on a number of topics, including the importance of