The Centers for Medicare and Medicaid Services (CMS) recently released the sixth in its 'HIPAA Security Educational Paper Series'. This latest paper, dubbed 'Basics of Risk Analysis and Risk Management' offers essential advice as to security rule implementation as well as best practices in conducting assessments. The papers are designed for enforcers within organizations to help them grasp the requirements and implementation recommendations.
Specifically, the latest paper offers ways to determine the scope of risk analysis, to gather data, documentation of vulnerabilities, assessing current security measures, determining the likelihood of threats and the impact, determining risk levels, and other recommendations. The paper also provides example risk management steps which details how to implement security measure and how to evaluate and maintain them.
The security series also has addressed such topics as administrative, physical, and technical safeguards; organizational, policies and procedures and documentation Requirements; as well as a security 101 for covered entities.
To obtain the six educational papers so far, visit: www.cms.hhs.gov/hipaa/hipaa2