Lexology April 5, 2024
McGuireWoods LLP

Applicable Provider Types: All

Is Your Entity in Compliance?

The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009 (HIPAA) requires covered entities and their business associates to implement policies and procedures to prevent, detect, contain and correct security violations. Under the HIPAA Security Rule, entities must “periodically” perform a security risk assessment, which can be adapted to the size and sophistication of the entity. While the general approach is to perform one annually, some organizations may do so bi-annually and others every three years.

An organization undertaking a risk assessment must thoroughly assess the potential risks and vulnerabilities to the confidentiality, integrity and availability of...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Healthcare System, HIPAA, Privacy / Security, Provider, Technology
Related Articles:
Addressing The HIPAA Blind Spot For Crisis Pregnancy Centers
6 Important Takeaways for HIPAA Covered Entities and Business Associates from 2024 NIST HHS OCR Conference
HHS settles 2 ransomware investigations as attacks rise
Safeguarding Health Information: Takeaways from HHS and NIST 2024 HIPAA Security Conference
White House OMB is reviewing proposed cybersecurity updates to HIPAA

Share This Article