Doing a “gap analysis” each year does not replace a Security Risk Assessment.
In a recent article from OCR, a clear distinction is made between what a gap analysis should be used for and why the need for a full Security Risk Assessment. They point out that practices and providers need to consider all potential risks regarding ePHI, not just previous years’ concerns.
See the rest of the article HERE.
Should you have any questions about your Risk assessment and corrective action plan, we are glad to see if we can help. If you are not sure what the differences are or if and when you need to perform them, please call on us for help.
Todd Greenberg and Bill Steuer
877-270-8306 ext. 133
678-209-2021 x133 (local)