Health Transformation Resources Links
HIPAA Privacy and Security Resources
What Makes for Successful HIPAA Risk Analysis and Data Governance?
Organizations that have not performed the complete process of risk analysis are more likely to suffer incidents and breaches of protected health information. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule was developed to assure patients’ health information is properly protected. The HIPAA Security Rule requires covered entities and business associates conduct a risk analysis to help ensure organizations are compliant with HIPAA’s administrative, physical and technical safeguards. Also important is data governance and how organizations manage and protect patient data. Health care data is essential to deliver safe, coordinated, effective, high-quality care. Data governance provides health care organizations with a standardized and structured method of sharing medical data.
Mountain-Pacific’s Susan Clarke, privacy and security consultant, presented to Montana Primary Care Association members about how conducting a risk analysis and adopting a data governance strategy are foundational to protecting health information and ensuring health care data is available to provide high-quality care to patients. The recording of the presentation includes
- types of risk analysis and available options;
- risk analysis requirement;
- risk analysis process;
- why data governance in health care is important;
- steps to implement strong data governance;
- the importance of having an accurate and up-to-date risk analysis.
Watch the 68-minute recording.
HIPAA Guidance and Resources
- U.S. Department of Health & Human Services (HHS) HIPAA for professionals
- Summary of key elements of the HIPAA Privacy Rule, including who is covered, what information is protected, uses and disclosures of protected health information and provided individual rights
- The 21st Century Cures Act information blocking, defined as a practice likely to interfere with, prevent or materially discourage access, exchange or use of electronic health information (EHI)
- National Institute of Standards and Technology (NIST) draft guidelines to defend against debilitating ransomware attacks
- Frequently asked questions and fact sheets regarding the Substance Abuse Confidentiality Regulations under 42 CFR Part 2
- To learn more about HIPAA Privacy and Security Rules, sign up for Office for Civil Rights (OCR) privacy and security Listservs
See all our resources.
Consulting Services
Innovative services to transform health care delivery, quality and safety.
Health Transformation Resources
Resources for health transformation, quality improvement and security.