U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office for Civil Rights
October 24, 2023
OCR Webinar on The HIPAA Security Rule Risk Analysis Requirement
Threats and vulnerabilities to electronic protected health information (ePHI) in today’s healthcare environment are numerous and varied. ePHI is under constant threat from malicious insiders selling PHI for financial gain, sophisticated hackers seeking to compromise healthcare systems and blackmail them with ransomware, and the sheer complexity and reliance on technology of today’s healthcare systems. All of these risks to ePHI, and more, need to be identified, understood, assessed, prioritized, and mitigated by HIPAA regulated entities to ensure the confidentiality, integrity, and availability of ePHI.
The HIPAA Security Rule Risk Analysis requirement is a key and necessary step for effective cybersecurity and HIPAA Security Rule compliance. Unfortunately, OCR often identifies potential violations or compliance concerns in Security Rule investigations.
Join OCR for a webinar at 3:00 pm (EST) on Tuesday, October 31, 2023, discussing the HIPAA Security Rule’s Risk Analysis requirement. This webinar will discuss what is required to conduct an accurate and thorough assessment of potential risks and vulnerabilities to ePHI and review common risk analysis deficiencies OCR has identified in Security Rule investigations. To register for the webinar, visit: https://kauffmaninc.zoom.us/webinar/register/WN_xaRWAC3qTYSykYAAbLL_ew
OCR welcomes questions that could be addressed during the webinar. If you have questions about the HIPAA Security Rule’s Risk Analysis requirement, please send them to OCRPresents@hhs.gov no later than October 27, 2023.
- Nicholas Heesters, Senior Advisor for Cybersecurity, OCR
- How to prepare for a risk analysis
- How should ePHI be assessed
- What does it mean to be accurate and thorough
- What purpose does a risk analysis serve once completed
- Examples from OCR investigations