There are plenty of ways to squander several million dollars,
but none quite as frustrating as forking over those hefty sums
to HHS’s Office for Civil Rights (OCR). 39 of 52 OCR Corrective
Action Plans/Resolution Agreements to date involved ePHI
and, therefore, required risk analysis and risk management. 35
of the 39 organizations (90%) failed to have completed a HIPAA
Risk Analysis and 33 of the 39 organizations (85%) failed to
have completed a HIPAA Risk Management that meets OCR’s
increasingly more stringent ‘standard of care’.
It is clear that many organizations struggle to fully comprehend
the scope of an OCR-Quality Risk Analysis. Simply put, an
accurate and complete HIPAA Risk Analysis must include all
information assets in all lines of business in all facilities and in
all locations. If that sounds like alot, it is. Attend this live web
event and learn a step-by-step methodology based