The scope of Proposed ADA Technical Report No. 1096 for Electronic Protected Health Information HIPAA Security Risk Analysis is to: • Review the fundamental concepts and terminology of the Health Insurance Portability and Accountability Act (HIPAA), Security Rule, Health Information for Economical Data Risk Analysis such as Sections 160.103 (definitions), 164.306 (General Rule), 164.308 (Administrative Guideline), 164.310 (Physical Guidelines), 164.312 (Technical), 164.502 (definitions), 164.514 (Uses and Disclosures including Minimally Necessary), and 164.530 (Administrative Requirements) located in 45 Code of Federal Regulations. This review will provide a foundation for beginning a Patient Data Risk Analysis. • Highlight the steps needed to start a Patient Data Security Risk Analysis which should include: - Review of organizational and educational tasks; and - Development and implementation of a HIPAA privacy compliance program. • Outline the steps required in a risk management plan as described in § 164.306 (B) follow-up and should include: - Itemization of forms and notices the privacy and security standards require; - Identification of business associates; - Inventory of existing policies and procedures at the corporate, institutional, and departmental levels, and the training; - Development of HIPAA-specific policies and procedures, inventory of information assets including hardware/software and connectivity; • Recommend Patient Data Security Risk Analysis tools
ADA TR 1096-2023 history
1970ADA TR 1096-2023 Electronic Protected Health Information HIPAA Security Risk Analysis and Plan
1970ADA TR 1096-2018 Electronic Protected Health Information HIPAA Security Risk Analysis