We recently completed a comprehensive review of the HIPAA Security Risk Assessment within Compliance Manager. As a result, assessment questions, content, corrective actions, and scoring were updated to align with NIST SP 800-53 Revision 5, released in September 2020. The following changes were implemented as part of this update:
Privacy Risk Assessment Removed: The HIPAA Privacy Rule is addressed through the safeguards required under the HIPAA Security Rule. Based on this alignment, the standalone Privacy Risk Assessment has been retired. A new, enhanced custom risk assessment tool is planned for a future release. In the meantime, Healthicity Professional Services can assist organizations that need to complete a Privacy Assessment.
Completed Assessments Preserved: All previously completed Security and Privacy Risk Assessments remain available in Compliance Manager for reference. These assessments are read-only and cannot be modified or submitted to a Workplan following the upgrade.
Incomplete Assessments Removed: Assigned but incomplete assessments were removed as part of the update. Organizations with impacted assessments were contacted directly and provided assistance with backup copies and guidance on transitioning to the updated HIPAA Security Risk Assessment.
© Healthicity, LLC
Comments
0 comments
Please sign in to leave a comment.