HIPAA Security Risk Analyses


As noted in Paul Kim and Hannah Whitman Clark's article regarding HIPAA Security Risk Analyses, CEs and BAs are required to review and update their risk assessments only under certain conditions after completing their initial SRAs. However, for purposes of compliance with the Medicare & Medicaid EHR Incentive Program, eligible hospitals and professionals participating in the MU Program must review and update the risk assessments of their CEHRT each federal fiscal year or calendar year, respectively, per CMS's Tipsheet [PDF].

Topics:  Data Protection, HIPAA, PHI, Risk Assessment

Published In: Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ober|Kaler | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »