HIPAA and healthcare technology have changed significantly over the past 20 years. Today, more than ever, covered entities and their business associates face an evolving risk environment in which they must safeguard electronic protected health information (ePHI).
Often, HIPAA risk assessment reports do not meet the guidance defined by the Office of Civil Rights (OCR) or support a complete review of the security rule controls. Checklists of policies and procedures, penetration test results and IT assessments barely scratch the surface of the data security safeguards.
Baker Tilly HIPAA and cybersecurity specialists developed a whitepaper that highlights the required components of a HIPAA risk analysis as defined in the security rule and also shares a cost effective approach to completing a risk analysis annually.