Anyone who has wrestled with the HIPAA Security Rule’s risk‐analysis requirement knows that the government’s free Security Risk Assessment (“SRA”) Tool can be a practical starting point—particularly for resource-constrained practices that cannot justify a commercial governance-risk-and-compliance platform. Developed jointly by the Office for Civil Rights (“OCR”) and the Assistant Secretary for Technology Policy (“ASTP”), the SRA Tool walks the user through the core elements of a 45 C.F.R. §…
By: Foley Hoag LLP – Security, Privacy and the
By: Foley Hoag LLP – Security, Privacy and the
