
Did you know? OCR has a new Risk Analysis Enforcement Initiative


View OCR Director Melanie Fontes Rainer’s presentation deck here. At the HIPAA Summit 41 in late February, she “spoke on recent OCR rulemakings, trends in health data breaches, recent HIPAA enforcement actions, new HIPAA enforcement initiatives (think risk analysis enforcement), best practices, and available cybersecurity resources to improve the protection and security of health information.”

Slide 17 bullet points re the new Risk Analysis Enforcement initiative:

  • Focus on compliance with key HIPAA Security Rule requirement
  • Most OCR large breach investigations reveal a lack of a compliant risk analysis
  • Drive better practices to protect electronic protected health information (ePHI)
  • Better overall security of data

This, combined with the recent “Dear Colleague” letter, will have anyone who may touch PHI / ePHI on their toes (also see my LinkedIn article “Notice the OCR’s increased attention on security risk analyses?”).

If it’s been more than 12 months since your last security risk analysis, it’s likely time to get another one on the calendar. With the OCR talking risk analysis enforcement, this is no time to procrastinate. Technology leaps, internal changes to systems or processes, new vendor partners – all excellent reasons to take this step to protect your organization.

Connect with me or Kevin Haralson to talk about analyzing your security risk. A thorough Security Risk Analysis is holistic, looking at the people, processes, and technology supporting and protecting you and your (and your clients’) data.