Your review or other use of the documents or other information or services on the HIPAA COW web site (collectively, the “Documents”) will be governed by the terms and conditions stated below. For the purposes of these terms and conditions, if the user is not an individual, then “You” or “you” will include the user’s company, its practitioners, officers, employees, members, agents, successors and assigns. As used below, “HIPAA COW” refers to HIPAA Collaborative of Wisconsin.
HIPAA COW may amend these terms and conditions at any time by posting the amended terms on HIPAA COW’s Web site.
These Documents are Copyright by the HIPAA Collaborative of Wisconsin. HIPAA COW retains full copyright ownership, rights and protection in all material contained in the Documents. You may use these Documents for your own purposes. They may be freely redistributed in their entirety provided that the copyright notice is not removed. When information from these Documents is used, HIPAA COW shall be referenced as a resource. They may not be sold for profit or used in commercial documents without the written permission of the copyright holder. These Documents are provided “as is” without any express or implied warranty. These Documents are for educational purposes only and do not constitute legal advice. If you require legal advice, you should consult with an attorney. Unless otherwise noted, HIPAA COW has not addressed all state pre-emption issues related to these Documents. Therefore, these Documents may need to be modified in order to comply with Wisconsin/State law.
The listing of an organization or a Web link on the HIPAA COW web site does not imply any endorsement and HIPAA COW takes no responsibility for the products, tools, and Internet sites listed. A Document may contain links to other sites over which HIPAA COW has no control. The inclusion of any link does not imply endorsement by HIPAA COW of the site or the site’s contents or owner. By using any Document to search for or link to another site, you agree and understand that you may not make any claim against HIPAA COW for any damages or losses, whatsoever, resulting from your use of the Web site to obtain search results or to link to another site. The information and content provided by HIPAA COW is for informational purposes only. HIPAA COW disclaims any responsibility to update any information, including with respect to any new legal, business, or technology developments. The information is not intended to and does not constitute legal, financial, or other professional advice. HIPAA COW is not licensed to practice law in any jurisdiction and the accuracy, completeness, adequacy, or currency of the information is not warranted or guaranteed and any use of it is at your own risk. If you require legal advice, you should consult with an attorney.
HIPAA COW may terminate these terms and conditions and your use of these Documents at any time if you violate any provision of these terms and conditions. Termination of these terms and conditions will not affect any obligations that accrued before the termination. If you understand and accept these conditions of use, click “I Accept” to enter the HIPAA COW Sample Document Portal page.
HIPAA COW Risk Analysis & Risk Management Toolkit:
NEW: Risk Analysis and Risk Management Toolkit Revisions: 9/13/13
Items #1 & #3 were updated. Items #11 & 12 were added: The HIPAA COW Risk Management Networking Group has spent most of their meeting time over the past few months making updates to the Toolkit. They reviewed the OCR Audit Protocol and added information to the HIPAA COW Risk Assessment Security Questions (and supporting information on that document). The HIPAA COW Security Assessment spreadsheet was also updated to include a formula so the risk levels and vulnerability/threat pair auto-populate into the Risk Mitigation Implementation plan. Finally, the password to unlock the spreadsheet was removed. The following document was also created: The OCR Audit Protocol 2013 Cross Reference to the HIPAA COW Risk Assessment Changes Made (see #11 below). Changes made to the Security Assessment spreadsheet are reflected and referenced in columns E-J on the Security worksheet and E-G on the Privacy worksheet.
HIPAA COW is pleased to provide you with this HIPAA COW Risk Analysis & Risk Management Toolkit (Toolkit). Please note that this Toolkit is a work in progress. More documents will be added to further assist organizations in their efforts to complete a Risk Analysis, Risk Assessment, and their Risk Management strategy. Please contact us with any recommendations, questions, or special requests. The following Toolkit documents are currently available:
1) Start Here: This Guide provides a summary of all the tools in this Toolkit (listed below) as well as ideas on how to use them to complete a risk analysis, risk assessment, and develop and implement a risk management strategy. It also includes a list of references reviewed and used while developing this Toolkit.
3) HIPAA COW Risk Assessment - Template . This document contains several worksheets, including:
Example Security P&P List
Threat Source List
Inventory Asset List
Risk Mitigation Implementation Plan
9) Risk Management Policy - This may be used by your organization as a template to create a Risk Management Policy. The policy was updated on 1/16/13 to better align with the HIPAA COW Risk Analysis & Risk Management toolkit.
10) HIPAA COW OCR Audit Protocol - This OCR HIPAA Audit Protocol, with the last column added by HIPAA COW on the Security and Privacy & Breach worksheets, includes the question numbers that currently are believed to cover some or all of the audit protocol requirements for each specific item. The HIPAA COW Risk Management Networking Group will be reviewing the established performance criteria and audit procedures in the OCR HIPAA Audit Program and enhance the HIPAA Security questions and recommended controls on the HIPAA COW Risk Assessment Template spreadsheet.
12) NIST SP 800-30 v2002. This Toolkit is based on many of the methodologies described in this document.
The HIPAA COW Risk Analysis & Risk Management Toolkit (Toolkit) documents are Copyright by the HIPAA Collaborative of Wisconsin (“HIPAA COW”). They may be freely redistributed in their entirety provided that this copyright notice is not removed. When information from this document is used, HIPAA COW shall be referenced as a resource. They may not be sold for profit or used in commercial documents without the written permission of the copyright holder. This Guide and the Toolkit documents are provided “as is” without any express or implied warranty. This Guide and the Toolkit documents are for educational purposes only and do not constitute legal advice. If you require legal advice, you should consult with an attorney. Unless otherwise noted, HIPAA COW has not addressed all state pre-emption issues related to this Guide and the Toolkit documents. Therefore, these documents may need to be modified in order to comply with Wisconsin/State law.The Toolkit provides an example HIPAA Security Risk Assessment and documents to support completing a Risk Analysis and Risk Mitigation Implementation Plan. While it covers a broad spectrum of the requirements under the HIPAA Security Rule and HITECH, it may not cover all measures needed to secure your patients’ electronic protected health information (ePHI). It is not meant to be construed as a one-size-fits all Toolkit. As previously stated, this includes only an example method to complete a HIPAA Security Risk Assessment. The HIPAA Security Rule requires this be completed on an ongoing basis, but does not prescribe how to accomplish this. The authors of these documents carefully considered and included information that are believed to be of most importance, based on legal requirements, known HIPAA Security incident history, and personal experiences. With that said, it may include items not required by your organization, exclude items required, and/or items that you need tailor to your organization’s needs.
Please forward any questions, comments, enhancements or ideas for improvement about this Risk Toolkit to: firstname.lastname@example.org. We welcome your feedback.