http://healthitsecurity.com/2014/04/14/hipaa-security-risk-assessment-tool-small-provider-needs/
By Patrick Ouellette
Health IT Security
April 14, 2014
Though the Department of Health and Human Services (HHS) released its
HIPAA security risk assessment tool a few weeks ago, it’s still unclear
how healthcare organizations will use the tool as part of their HIPAA
Security Rule compliance strategy. Most organizations realize the tool
isn’t necessarily a panacea for federal compliance needs. However,
according to Alisa Chestler, a shareholder in the Washington, D.C. office
of Baker Donelson, the beauty of the tool for small to mid-size providers
is that it’s flexible and serves as a good starting point for those who
may be lacking in risk analyses.
Chestler, who concentrates her practice in healthcare regulatory
compliance; privacy, security and records management issues, discussed the
tool’s benefits and uses with HealthITSecurity.com.
What are your general impressions of the HIPAA security risk assessment
tool?
First and foremost, with this tool the government is reinforcing how
seriously they’re taking this type of analysis is required of the small
providers, what they should know and the expectation that the risk
analysis be completed. Secondly, as they begin to see what the tool is all
about, they will quickly realize how much of a deep dive it is. So even if
it’s not as robust as, say, the audit protocol, it shouldn’t be scoffed at
because it will make providers think of things that they never would have
thought of before.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
