The HIPAA Security Rule requires Covered Entities and Business Associates to ensure the confidentiality, integrity, and availability of all electronic Protected Health Information (ePHI) that it creates, receives, maintains, or transmits. Conducting a Risk Analysis, which is an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the ePHI held by an organization, is not only a Security Rule requirement, but also is fundamental to identifying and implementing safeguards that comply with and carry out the Security Rule standards and implementation specifications.

Summer 2020 OCR Cybersecurity Newsletter

Security and compliance are first and foremost in the management of our clients' systems. After conducting thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!