ACCORDING to HHS OCR, a video presentation was created to raise awareness and provide practical education to HIPAA covered entities and business associates about the HIPAA Security Rule’s Risk Management requirement. The article notes that risk management, like risk analysis, is an essential component of HIPAA Security Rule compliance and broader cybersecurity preparedness, helping to safeguard electronic protected health information and defend against cyber-attacks by reducing risks to a reasonable level.
OCR has expanded its Risk Analysis Initiative to include risk management, building on prior successes. The speaker is Nicholas Heesters, Senior Advisor for Cybersecurity at the HHS Office for Civil Rights. Topics include HIPAA Security Rule Risk Management requirements, OCR investigation findings of potential risk management violations, and available risk management and cybersecurity resources, with the final segment addressing a selection of questions solicited from the regulated community. The video is available on OCR’s YouTube channel, and viewers are encouraged to watch and share this resource.