Your review or other use of the documents or other information or services on the HIPAA COW web site (collectively, the “Documents”) will be governed by the terms and conditions stated below. For the purposes of these terms and conditions, if the user is not an individual, then “You” or “you” will include the user’s company, its practitioners, officers, employees, members, agents, successors and assignees. As used below, “HIPAA COW” refers to HIPAA Collaborative of Wisconsin.
HIPAA COW may amend these terms and conditions at any time by posting the amended terms on HIPAA COW’s Web site.
HIPAA COW holds the Copyright to these Documents. HIPAA COW retains full copyright ownership, rights and protection in all material contained in the Documents. You may use these Documents for your own non-commercial purposes. They may be redistributed in their entirety only if (i) the copyright notice is not removed or modified, and (ii) Documents are provided to the recipient free of charge. If information is excerpted from these Documents and incorporated into another work-product, attribution shall be given to HIPAA COW (e.g., reference HIPAA COW as a resource). Documents may not be sold for profit or used in commercial documents or applications. These Documents are provided “as is” without any express or implied warranty. These Documents are for educational purposes only and do not constitute legal advice. If you require legal advice, you should consult with an attorney. Unless otherwise noted, HIPAA COW has not addressed all state pre-emption issues related to these Documents. Therefore, these Documents may need to be modified in order to comply with Wisconsin/State law.
The listing of an organization or a Web link on the HIPAA COW web site does not imply any endorsement and HIPAA COW takes no responsibility for the products, tools, and Internet sites listed. Documents may contain links to other sites over which HIPAA COW has no control. The inclusion of any link does not imply endorsement by HIPAA COW of the site or the site’s contents or owner. By using any Documents to search for or link to another site, you agree and understand that you may not make any claim against HIPAA COW for any damages or losses, whatsoever, resulting from your use of the Web site to obtain search results or to link to another site. The information and content provided by HIPAA COW is for informational purposes only. HIPAA COW disclaims any responsibility to update any information, including with respect to any new legal, business, or technology developments. The information is not intended to and does not constitute legal, financial, or other professional advice. HIPAA COW is not licensed to practice law in any jurisdiction and the accuracy, completeness, adequacy, or currency of the information is not warranted or guaranteed and any use of it is at your own risk. If you require legal advice, you should consult with an attorney.
HIPAA COW may terminate these terms and conditions and your use of these Documents at any time if you violate any provision of these terms and conditions. Termination of these terms and conditions will not affect any obligations that accrued before the termination. If you understand and accept these conditions of use, click “I Accept” to enter the HIPAA COW Sample Documents Portal page.
HIPAA COW Risk Analysis & Risk Management Toolkit:
HIPAA COW is pleased to provide you with this HIPAA COW Risk Analysis & Risk Management Toolkit (Toolkit). Please note that this Toolkit is a work in progress. More documents will be added to further assist organizations in their efforts to complete a Risk Analysis, Risk Assessment, and their Risk Management strategy. Please contact us with any recommendations, questions, or special requests.
The following Toolkit documents are currently available:
1) Start Here: This Guide provides a summary of all the tools in this Toolkit (listed below) as well as ideas on how to use them to complete a risk analysis, risk assessment, and develop and implement a risk management strategy. It also includes a list of references reviewed and used while developing this Toolkit.
3) HIPAA COW Risk Assessment Template (Updated 9/8/17) Finished incorporating key information from the NIST HIPAA Security Toolkit questions (v2011: http://scap.nist.gov/hipaa/) into the Security Questions worksheet for these subject “categories”: Technical Access Control (encryption and integrity), ePHI Disposal, and Group Health Plans. The review of this NIST document was completed.
This document contains several worksheets, including:
- Example Security
- P&P List
- Security Questions
- Threat Source List
- Inventory Asset List
- Risk Mitigation
- Implementation Plan
9) Risk Management Policy – This may be used by your organization as a template to create a Risk Management Policy. The policy was updated on 1/16/13 to better align with the HIPAA COW Risk Analysis & Risk Management toolkit.
11) HIPAA COW OCR Audit Protocol – June 2012 – This OCR HIPAA Audit Protocol, with the last column added by HIPAA COW on the Security and Privacy & Breach worksheets, includes the question numbers that currently are believed to cover some or all of the audit protocol requirements for each specific item. The HIPAA COW Risk Management Networking Group reviewed the established performance criteria and audit procedures in the OCR HIPAA Audit Program and enhance the HIPAA Security questions and recommended controls on the HIPAA COW Risk Assessment Template spreadsheet. This project was completed in August of 2013.
13) NIST SP 800-30 v2002 – This Toolkit is based on many of the methodologies described in this document.