CoreFolio Learn

How-to

Practical walkthroughs for the work HIPAA actually requires — risk analysis, gap analysis, vendor reviews.

How to do a HIPAA risk analysis without a $15,000 consultant

The Security Rule requires every covered entity to conduct an accurate, thorough risk analysis. Here is what that actually means, what it has to contain, and how to do it yourself.

May 14, 20265-minute read

What goes in a HIPAA risk management plan

The risk analysis gets all the attention, but OCR requires the risk management plan too. Here is what it needs to contain, how it relates to the risk analysis, and what a defensible plan looks like.

May 11, 20265-minute read

What is a business associate agreement, and who needs one?

A business associate agreement (BAA) is required whenever a vendor handles your patient data. Here is who qualifies as a business associate, what the agreement must contain, and what happens when you skip it.

May 9, 20265-minute read

HIPAA workforce training: what the rule requires and what actually works

HIPAA requires workforce training on security policies and procedures. Here is what the rule actually says, what OCR has cited in settlement agreements, and what training looks like in a small practice.

May 4, 20265-minute read