HIPAA security risk assessment tool: Small provider needs

[InfoSec News <alerts () infosecnews org>]

http://healthitsecurity.com/2014/04/14/hipaa-security-risk-assessment-tool-small-provider-needs/

By Patrick Ouellette
Health IT Security
April 14, 2014

Though the Department of Health and Human Services (HHS) released its 
HIPAA security risk assessment tool a few weeks ago, it’s still unclear 
how healthcare organizations will use the tool as part of their HIPAA 
Security Rule compliance strategy. Most organizations realize the tool 
isn’t necessarily a panacea for federal compliance needs. However, 
according to Alisa Chestler, a shareholder in the Washington, D.C. office 
of Baker Donelson, the beauty of the tool for small to mid-size providers 
is that it’s flexible and serves as a good starting point for those who 
may be lacking in risk analyses.

Chestler, who concentrates her practice in healthcare regulatory 
compliance; privacy, security and records management issues, discussed the 
tool’s benefits and uses with HealthITSecurity.com.


What are your general impressions of the HIPAA security risk assessment 
tool?

First and foremost, with this tool the government is reinforcing how 
seriously they’re taking this type of analysis is required of the small 
providers, what they should know and the expectation that the risk 
analysis be completed. Secondly, as they begin to see what the tool is all 
about, they will quickly realize how much of a deep dive it is. So even if 
it’s not as robust as, say, the audit protocol, it shouldn’t be scoffed at 
because it will make providers think of things that they never would have 
thought of before.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/