top of page
Writer's pictureDiane Evans

Don't Risk Ignorance to Data Vulnerabilities

By Diane Evans 


Recently, the U.S. Office for Civil Rights (OCR) announced a new “Risk Analysis Initiative” to highlight the need for more comprehensive risk assessment to avoid data breaches within healthcare.  


For an industry reigning as the prime target of cybercrime, this comes as practical advice.  Without a thorough risk assessment, you simply don’t know what you don’t know. As the OCR chief points out, “knowing where your ePHI is held and the security measures in place to protect that information is essential.”


For senior leaders, here are some assignments to hand out to begin a compliant risk assessment: 


  • Plan out a systematic approach for enterprise-wide risk assessment.

    • Evaluate all potential risks in all places where private information is created, maintained, received and transmitted.

    • Evaluate all administrative, physical, and technical safeguards.


  • Account for all information created, maintained, received and transmitted.


  • Educate staff on how to identify and report risks.


  • Inventory data within information systems.


  • Inventory paper documents and all physical locations where it is accessible.


  • Inventory security policies.

    • Draft and enact any required policies missing.

    • Amend policies as needed to reflect daily procedure.


  • Document all identified risks, and:

    • Assign probability levels to each risk.

    • Assess the potential amount of harm to result from each.

    • Prioritize risks based on likelihood of most disruption.


Upcoming in December from Guarded Edge:  A Risk Assessment Basics course, to be followed by a six-part Risk Assessment Implementation Series beginning in January.



About the author


Diane Evans is founder of Guarded Edge, which offers training and an in-house implementation plan for compliance with the Health Insurance Portability and Accountability Act (HIPAA) within long-term care.  Diane can be reached at devans@guardededge.com.  She has offered accredited training for state and national organizations, including the Health Care Compliance Association and the Cleveland Metropolitan Bar Association. 




3 views0 comments

Recent Posts

See All

Goalposts for Risk Assessment

By Diane Evans  In last week’s issue, we discussed the critical role of risk assessment  in identifying vulnerabilities to private data...

Commentaires


bottom of page