OCR Releases Risk Management Video

This video presentation is intended to raise awareness and provide practical education to HIPAA covered entities and business associates of the HIPAA Security Rule’s Risk Management requirement.  Like risk analysis, effective risk management is an essential component of both HIPAA Security Rule compliance and broader cybersecurity preparedness.  Risk management is a critical step not only for safeguarding electronic protected health information, but also for defending against cyber-attacks more generally by reducing risks and vulnerabilities to a reasonable and appropriate level.  Building on the success of the initiative, OCR has expanded its Risk Analysis Initiative to include risk management.

Speaker:

• Nicholas Heesters, Senior Advisor for Cybersecurity, HHS Office for Civil Rights

Topics include:

• HIPAA Security Rule Risk Management requirements
• OCR investigation findings of potential Risk Management violations
• Risk Management and cybersecurity resources

In developing this video, OCR engaged with the regulated community by soliciting questions on risk management.  The final segment of the presentation addresses a selection of these questions.  The video is available on OCR’s YouTube channel, @USGovHHSOCR.  We encourage all regulated entities and partners to view and share this important resource.