Last month, Paula Stannard, Director of the HHS Office for Civil Rights, met with WSHA leadership in Seattle and emphasized that OCR enforcement would extend beyond ensuring hospitals conduct HIPAA risk assessments to include evaluating the steps hospitals take to mitigate identified risks. WSHA is supporting hospitals by providing regular opportunities to learn and convene on IT security and privacy issues. We also want to highlight resources that may be useful in their work.
A new 45-minute video from OCR reviews the HIPAA Security Rule’s Risk Management requirement and explains why identifying risks without mitigation can leave ePHI vulnerable. Presented by Nicholas Heesters of the HHS Office for Civil Rights, the video covers OCR investigatory findings related to potential risk management compliance issues, offers available risk management resources, and addresses questions submitted by the regulated community. ([email protected])