Conducting a HIPAA risk assessment is something that every covered entity must do to ensure that they are properly monitoring potential weak spots in their data security. At the time of publication, the Office for Civil Rights (OCR) had not yet chosen a date for its second round of HIPAA audits, but the looming threat of an OCR visit cannot be the only reason for CEs to think about HIPAA risk assessments.
Following up with last week’s discussion on the details in a potential HIPAA audit, HealthITSecurity.com will now break down the important aspects of the actual HIPAA risk assessment. We’ll cover the basics of the risk assessment process, as well as what common mistakes organizations might make and why a thorough risk assessment is essential for all CEs.