References in periodicals archive ?
OCR again requested that UHCO's Privacy Officer provide a risk analysis and documentation that UHCO had implemented security measures to address the risks identified in the risk analysis.
UHCO's Privacy officer responded by providing additional information including:
UHCO's privacy officer hoped this new documentation would finally meet OCR's requirements.
Within a month, OCR let UHCO know they had still not met the risk analysis requirement.
Others, like UHCO, reach out for help after an OCR breach investigation is initiated.
As UHCO reviewed OCR's correspondence and better understood the comprehensive nature of a bona fide risk analysis, they realized they had neither the software tools nor the in-house expertise they needed to meet OCR's expectations.
In this particular case, UHCO already had a comprehensive hardware and software inventory that could be loaded into the software.
Acknowledging the confusion around what is required for proper risk analysis, UHCO's General Counsel commented, "When we submitted a risk analysis and risk management plan from Clearwater, OCR approved them and closed our case."
UHCO's main issue was that they failed to perform risk analysis as required under the HIPAA Security Rule and described in OCR Guidance.
As UHCO experienced, anything less than this is not--in OCR's opinion--a true risk analysis.
For this case study, we will refer to our client as Unnamed Healthcare Organization (UHCO).
Two years ago, UHCO's IT staff discovered they were unable to communicate with one of their servers.
Acronyms browser ?
Full browser ?
- Uhci Base Address Register
- UHD 4K
- UHD 4K
- UHD 8K
- UHD 8K
- UHD TV