What is a HIPAA Security Risk Analysis?
The HIPAA Security Rule exists to assure the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI). When you perform a Security Risk Analysis, you can determine exposure to PHI and establish security measures to keep that PHI safe.
The HIPAA Security Rule specifically requires covered entities or their business associates to conduct Security Risk Analyses. While some organizations chose to do this internally an outside review is often essential to provide an unbiased assessment of risks.
The PrivaPlan Security Risk Analysis is unique within the industry because of our deep and extensive experience in the following healthcare industries and how they operate:
- Small to mid-size healthcare providers, including physicians, allied health professionals, and telemedicine.
- Hospitals, including rural and critical access hospitals, and large medical practices.
- Health insurers and health plans
- Business Associates
- Public health and social services organizations
- Federally Qualified Health Centers and Community Health Centers
How do we perform a HIPAA Security Risk Analysis?
Over the last twenty years PrivaPlan has developed a proprietary and highly acclaimed methodology. Our methodology integrates the best practices found in guidance from NIST, the Office of the National Coordinator (ONC), and have been field tested in thousands of organizations.
Our methodology includes a team effort by our organization.
Security risks are evaluated in these four areas:
- Administrative Safeguards are the people and processes that safeguard PHI. From vetting business agreements to employee training, documentation of operations are essential to maintaining HIPAA compliance.
- Physical Safeguards include the physical security of your organization including the new work from home model. We conduct our assessment either in person or virtually.
- Technical Safeguards – identifies the controls that are in place to secure and safeguard data.
- Organizational Safeguards identifies organizational wide systems and processes including policies and procedures.
The evaluation of these four areas incorporates specific testing (such as managed phishing testing or network vulnerability testing). The results of our evaluation are complied and considered against the backdrop of your organization. There is no one size fits all in a risk analysis and our findings reflect what is scalable and reasonable.
PrivaPlan’s risk analysis report is a comprehensive and easy to understand narrative that has been widely praised. Not only do we identify the risk, but we provide recommendations on how to remediate them. This provides your organization with actionable guidance to follow.
Guidance on Security Risk Analysis
PrivaPlan Associates is recognized as a leading HIPAA consulting company for a reason: because we have the tools, training, and support to keep you proactive in HIPAA compliance.
We keep you current with your compliance efforts by locating the strengths and vulnerabilities of your healthcare organization. So, you can continue to deliver exceptional patient health care.
Contact Us today to schedule a Security Risk Analysis.What is a HIPAA Security Risk Analysis?