Apr 15, 2019 1:32:23 PM

Conducting Regular HIPAA Security Risk Analyses is Critical

Clients frequently ask the question, “How often should I perform a security risk analysis as a covered entity under HIPAA?” While the HIPAA security rule does not require a security risk assessment to be performed within a certain timeframe, it does state that the risk analysis process should be ongoing and continuous. Similarly, the Quality Payment Program (for covered entities accepting Medicare) does evaluate if an organization has performed a security risk analysis within a 12 month period (January through December) as a required measure.

Topics: HIPAA