Top Ten HIPAA Security Myths

 

11/5/2013 – The Department of Health and Human Services (HHS) recently released the top ten list of “myths” regarding security risk analysis.  The risk analyses are required for providers to successfully attest under the EHR Incentive Program and are mandated under the 2005 HIPAA Security final rule.  CMS has stated that not completing and documenting a security risk analysis is one of the leading reasons for providers failing a meaningful use audit.

For more information on security risks, see HealthIT.gov’s   Health Information Privacy and Security: A 10 Step Plan