HIPAA/HITECH Risk Assessments

The purpose of this risk analysis, based on compliance with HIPAA- and HITECH-related security requirements, is to evaluate the adequacy of your organization’s security controls. This risk analysis provides a structured qualitative assessment of the operational environment. It addresses threats, vulnerabilities, risks, and safeguards. The assessment recommends cost-effective safeguards to mitigate threats and associated exploitable vulnerabilities.

Security Risk Assessment to include:

  • Review and update PHI inventory to determine where electronic and other data is located within your organization,
  • Evaluation of existing security policies and procedures to ensure they are sufficient to be effective, currently operational, and meet compliance programs appropriate for an organization of your size,
  • Interview staff members,
  • Review active BAAs,
  • Assessment of current HIPAA security compliance operations including safeguards in place, as well as vulnerabilities and specific threats to safeguards,
  • Complete HIPAA Security Rule Questionnaire (~250 related items),
  • Examination of the three safeguards required by 45 CFR 164.308(a)(1) — administrative, physical and technical, including the latest Omnibus Rules changes,
  • Risk Assessment conducted in accordance with NIST SP 800-30 Guide for Conducting Risk Assessments,
  • Risk Assessment level of effort is based on reasonable and timely access to employees, systems, and documentation, and
  • Provide comprehensive and audit-ready reports with findings and recommendations that include detailed vulnerabilities and remediation recommendations that are delivered in white paper as well as PDF form:
    • Generate a HIPAA Security Rule Assessment Report and
    • Generate a Security Risk Analysis Report.