A Conversation about Trends in HIPAA Enforcement Activity
In this webinar, Joseph Kirkpatrick and Mark Hinely discuss historic and 2016 trends in OCR enforcement activity. 2016 was a record year for enforcement and these trends are the most direct way that the OCR can tell us what or where they’re looking.
Joseph and Mark also engaged in a Q&A session to answer many questions regarding risk, including:
Q: How do you keep an organization’s risk analysis fresh from year to year?
A: Don’t copy and paste from last year’s risk analysis. Last year is not effective for this year. You need to determine what contains PHI that didn’t last year. Things have changed, even if you think they haven’t.
Q: How do you make a risk analysis more specific from year to year?
A: Bring in a third party assessor, or any type of third party, who can see what you can’t. Even bring in someone internal, but who’s subject matter is different.
Q: What is the difference between a gap analysis and a risk analysis?
A: A gap analysis takes your organization and compares its gaps against strict, specific, published standards. A risk analysis, though, requires you to think more broadly and determine what risks are unique to your organization.
Q: What’s the difference between a risk analysis and risk management?
A: A risk analysis assesses the potential threats to an organization’s confidential information. Risk management takes the information discovered from a risk analysis and acts on it to protect the confidential information.
Download the full webinar to learn about each of the cases listed above, hear more of the Q&A session, and learn even further about the current trends in enforcement activity. Contact us today to speak to a HIPAA expert.