Top Ten HIPAA Security Myths


11/5/2013 – The Department of Health and Human Services (HHS) recently released the top ten list of “myths” regarding security risk analysis.  The risk analyses are required for providers to successfully attest under the EHR Incentive Program and are mandated under the 2005 HIPAA Security final rule.  CMS has stated that not completing and documenting a security risk analysis is one of the leading reasons for providers failing a meaningful use audit.

For more information on security risks, see’s   Health Information Privacy and Security: A 10 Step Plan