Frequently Asked Questions

Why do I need a separate risk analysis for each of my office locations?


A proper Risk Assessment identifies and assesses vulnerabilities in your office that would make your patient data susceptible to a breach or corruption of data. This correlates with the three pillars of HIPAA: Accessibility, Integrity and Security. Therefore, you must examine both the technical AND physical security and limitations in your office.
  • Each of your practice locations has a method for you to access your data. This means each location is a portal to patient information that we must safeguard.
  • Each of your practice locations has its own set of computers, routers, firewalls and technical equipment.
  • Each of your practice locations has its own physical location, physical security and physical risks.
  • Each of your practice locations may have its own associated employees.
The Risk Assessment looks at all the risks for the individual location and provides you with a Risk Mitigation plan that is specific to the location.
There have been incidents in the past where an organization had a HIPAA Incident and, upon investigation, it was discovered that the Risk Analysis was not specific to the location. Consequently, the organizations experienced large fines.