
The Professional Counselor / Volume 5, Issue 3 413

Table 1
Example Risk Analysis and Risk Management Steps

Risk Analysis
1. Identify the scope of the analysis.
2. Gather data.
3. Identify and document potential threats and vulnerabilities.
4. Assess current security measures.
5. Determine likelihood of threat occurring.
6. Determine potential impact of threat occurrence.
7. Determine level of risk.
8. Identify security measures and finalize documentation.

Risk Management
1. Develop and implement a risk management plan.
2. Implement security measures.
3. Evaluate and maintain security measures.

Note. Adapted from “Basics of Risk Analysis and Risk Assessment,” by the U.S. Department of Health and Human Services, 2007, HIPAA Security Series, 2(6), p. 5.

Sanction policy. It must be communicated to all members of counselor education programs that failure to comply with the policies will result in sanctions. HIPAA (§164.308, 2013) requires organizations to enforce sanctions against individual members for failing to comply with their organization’s policies and procedures. A counselor education program should have clearly documented policies and procedures for students and staff involved with the facilitation of ePHI. The language of HIPAA makes no attempt to clarify what these sanctions should entail; however, language needs to exist that addresses individuals’ failure to comply. For counseling students, a potential option is to consider a tiered sanction policy similar in structure to that established by the HITECH Act (Modifications to the HIPAA Privacy, 2013) and § 1176 of the Social Security Act (2013). Varying categories of violations, from “did not know” (p. 5583) to uncorrected–willful neglect, result in increasingly severe fines (Modifications to the HIPAA Privacy, 2013). Since this experience is most likely educational for students, varying degrees of failure to comply could exist. For counselor education programs, this language could also easily be tied to the student remediation processes that many counseling programs utilize.