From HHS OCR:
The HHS Office for Civil Rights (OCR) is producing a pre-recorded video for HIPAA covered entities and business associates (collectively, “regulated entities”) reviewing the requirements of the HIPAA Security Rule’s Risk Management implementation specification.
OCR welcomes questions that could be addressed during this video. If you have questions about the Security Rule’s Risk Management requirement, please send them to [email protected] no later than December 8, 2025.
Speaker:
- Nicholas Heesters, Senior Advisor for Cybersecurity, HHS Office for Civil Rights
Topics include:
- HIPAA Security Rule Risk Management requirements
- OCR investigations with potential Risk Management violations
- Risk Management and cybersecurity resources
- Responses to select submitted questions