OCR drafts guidelines for security risk analysis
Mary Mosquera reports:
The Health & Human Services Department published draft guidance to help healthcare providers and payers figure out what is expected of them in doing a risk analysis of their protected patient health information.
The security rule of the Health Insurance Portability and Accountability Act (HIPAA) requires that providers, payment plans and their business associates perform a risk assessment, but does not prescribe a method for doing so, according to draft guidance from HHS’ Office of Civil Rights (OCR). The HITECH Act directed that OCR oversee health information privacy.
[…]More information about risk analysis is online here.
Read more on Government Health IT.