Back to Basics: Focus on Risk Assessments for HIPAA Compliance
Renal and Urology News
A recent HIPAA settlement shows that many practices still are not complying with the basics of the regulations. A gastroenterologist in Ogden, Utah, paid $100,000 to the US Office for Civil Rights (OCR) this spring after reporting a breach related to a business associate. When OCR investigated the complaint, they found that the doctor’s practice had never completed a risk assessment, and even with support from OCR, he did not sufficiently mitigate his risks. In an OCR statement, Roger Severino, the organization’s director, said not implementing HIPAA basics continues to be an “unacceptable and disturbing trend” in healthcare.
A risk assessment is the heart of a practice’s compliance plan. It tells a medical group what information...