Under the HIPAA Privacy and Security Rule, business associates are required to perform active risk prevention and safeguarding of patient information that are very important to patient privacy. The HITECH act allows only minimum necessary to be disclosed when handling protected health information (PHI).
This security risk assessment exercise has been performed to support the requirements of the Department of Health and Human Services (HHS), Office for the Civil Rights (OCR) and other applicable state data privacy laws and regulations. Upon completion of this risk assessment, a detail risk management plan need to be developed based on the gaps identified from the risk analysis. The gaps identified and recommendations provided are based on the input provided by the staff, budget, scope and other practical considerations