HIPAA SECURITY RISK ASSESSMENT
WHAT IS INCLUDED WITH YOUR SECURITY RISK ASSESSMENT.
Including all Corrective Action Plan items (organization size limitations apply).
Includes External Penetration Test, Corrective Action Plan (CAP) and Required Satisfactory Assurance of HIPAA Compliance documentation.
Security Risk Assessment of all three required categories:
Administrative | Technical | Physical
All vulnerabilities and their remediation action plans are included in the HIPAA Management Plan reports.
FIVE HEALTHCARE SECURITY RISK ANALYSIS MYTHS DEBUNKED!
IT IS OPTIONAL FOR SMALL PROVIDERS.
FALSE: All HIPAA-Covered entities must perform a risk analysis. The same applies to providers who want to receive Electronic Health Record (EHR) incentive payments.
INSTALLING A CERTIFIED EHR FULFILLS THE MEANINGFUL USE (MU) REQUIREMENT.
FALSE: Performing a security risk analysis is a must even if you have a certified EHR. The MU requirement covers all PHI you maintain, not just what is in the EHR.
RISK ANALYSIS NEEDS TO BE CONDUCTED JUST ONCE.
FALSE: To comply with the regulations, you must continually improve your security posture. This includes conducting regular risk analyses.
SECURITY RISK ANALYSIS NEEDS TO FOCUS ONLY ON THE EHR.
FALSE: You must analyze all electronic devices that handle PHI and not just the EHR.
THE EHR VENDOR TAKES CARE OF ALL PRIVACY AND SECURITY MATTERS.
FALSE: The EHR vendor may provide information, support and training on the privacy and security matters of the product, but they are not responsible for making the product compliant with privacy/security regulations.
DON'T RISK IT, CONTACT US!
NOT SURE IF YOU NEED TO BE HIPAA COMPLIANT?
According to Health and Human Services HIPAA Federal Regulations, if you belong to the category of “Covered Entities” or “Business Associates,” and you handle, access or transmit “protected health information (PHI),” you and your organization are required to be HIPAA compliant.
RISK REDUCTION & PATIENT SECURITY
Data theft, accidental improper disclosure, state privacy regulation and workforce education on patient security are all advancing in response to ever-increasing criminal tactics, and the scope of HIPAA compliance extends to new levels with the changing requirements faced by covered entities and business associates.
SECURITY RISK ASSESSMENT
An accurate assessment covers three categories: Administrative, Technical and Physical safeguards. The assessment is conducted using an External Penetration Test, a Corrective Action Plan (CAP), and the required Satisfactory Assurance documentation.