Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

In our latest episode, we dive deep on the process of HIPAA security risk analysis in a group practice context.

We discuss why risk analysis is overwhelming; reframing the way you consider risk analysis; remembering what you are doing right; the recent annual report to Congress from HHS and the Office of Civil Rights (OCR); general requirements for a risk analysis; how PCT approaches risk analysis (in 2 hours!); categories of risk; the tangible benefits of risk analysis in group practice; risk mitigation plans; and approaching risk analysis without burning out.

Resources

  • PCT’s  HIPAA Risk Analysis & Risk Mitigation Service  for mental health group practices — have us perform your risk analysis and do all the heavy lifting of this foundational HIPAA requirement
  • HHS’ Guidance on Risk Analysis
  • HHS Office of Civil Rights emphasized the need for increased compliance with the Risk Analysis requirement in the recently (2/17/2023) released  Annual Report to Congress on  Breaches of Unsecured Protected Health Information:
  • “Risk Analysis. The Security Rule requires regulated entities to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the covered entity or business associate. Failures to conduct a risk analysis leave regulated entities vulnerable to breaches of unsecured ePHI as cybersecurity attacks are increasing.”


v2.1.06-beta

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss