OCR has a preference to resolve HIPAA conformity problems through voluntary conformity as well as non-punitive ways, even though financial fines are these days becoming more usual. If OCR detectives discover HIPAA breaches, financial fines might be imposed. Penalties of as much as $1.5 million can be imposed for each breach type found.
Among the most usual causes for a financial fine is the failure to carry out a complete, company-wide danger evaluation. The danger evaluation is a first necessity of the HIPAA Safety Law – 45 C.F.R. §§ 164.308(a)(1)(ii)(A), and is among 4 mandatory application specifications in the Safety Administration Procedure.
The aim of the danger evaluation is to find all possible dangers to the integrity, confidentiality, and accessibility of all ePHI which a protected entity maintains, receives, creates, or transfers. The danger evaluation should cover all types of ePHI, and all systems and devices that come into contact with ePHI.
As was observed with the pilot stage of the HIPAA conformity audits and succeeding PHI break examinations, small to medium-sized protected bodies regularly struggle with the danger evaluation.
To assist protected bodies to conform to this part of the Safety Law, OCR, Office of the General Counsel (OGC), and the Office of the National Coordinator for Health Information Technology (ONC), established a security risk assessment tool.
The safety danger evaluation tool is actually an independent working system-independent app for Windows devices as well as iPads. The device can be utilized to make sure that a danger evaluation is carried out in a comprehensive, ordered way.
The device has 156 queries containing HIPAA requisites in connection with each protected entity’s activities. It’s not necessary to use the device, even though it’s desirable for small to medium-sized protected bodies.
The device was initially supplied in March 2014, however, is repeatedly upgraded. This week ONC/OCR declared that the device has been upgraded with latest qualities including improved informing functions. The latest device is also consistent with Windows 10. An upgraded paper-based type of the device has also been made obtainable.
The device can be copied free of cost from the Apple App store or else from the HealthIT.gov website.