Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In our latest episode, we dive deep on the process of HIPAA security risk analysis in a group practice context.
We discuss why risk analysis is overwhelming; reframing the way you consider risk analysis; remembering what you are doing right; the recent annual report to Congress from HHS and the Office of Civil Rights (OCR); general requirements for a risk analysis; how PCT approaches risk analysis (in 2 hours!); categories of risk; the tangible benefits of risk analysis in group practice; risk mitigation plans; and approaching risk analysis without burning out.
Resources
- PCT’s HIPAA Risk Analysis & Risk Mitigation Service for mental health group practices — have us perform your risk analysis and do all the heavy lifting of this foundational HIPAA requirement
- HHS’ Guidance on Risk Analysis
- HHS Office of Civil Rights emphasized the need for increased compliance with the Risk Analysis requirement in the recently (2/17/2023) released Annual Report to Congress on Breaches of Unsecured Protected Health Information:
- “Risk Analysis. The Security Rule requires regulated entities to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the covered entity or business associate. Failures to conduct a risk analysis leave regulated entities vulnerable to breaches of unsecured ePHI as cybersecurity attacks are increasing.”