HIPAA Security Risk Analysis Tool
A Risk Analysis is not a trivial task. The first step in a risk analysis is to determine what assets must be protected from threats. The second step is to determine what physical, administrative, and technical threats exist to those assets. At that point a determination needs to be made as to what level of damage would be incurred should a threat be realized and cause an issue with protected health information. This includes an assessment of what information is at risk, the nature of that information, and the amount of information that is at risk.
Obviously, risks to sensitive data that involves a large number of patients need to be addressed before risks to less sensitive data that involves a single patient. Based upon these factors the risks are prioritized.
Under HIPAA each provider must take all reasonable steps to protect electronic health information. What is reasonable for a practice is determined by the resources available to the practice. There may be threats that are identified that are beyond the resources of the practice to fully mitigate. This needs to be taken into account during a proper Risk Analysis.
Our online tool collects information about your practice. The information we collect includes your administrative procedures, the technical security measures you have implemented, and the physical security measures you have implemented.
We also collect information on your hardware and software infrastructure, your staff, and your physical facility. With this information available to us, we cross-reference it against data on known threats to protected health information and previous breaches of protected health information.
We also know the resources available to small practices, which is an extremely important part of the Risk Analysis. Taking into account the assets of the practice, the risks identified, the potential severity of those risks, the probability of a risk being realized, and the resources of the practice, we provide the practice with a risk mitigation plan that is reasonable for the practice. The Risk Analysis and Risk Mitigation Plan are bundled into a customized HIPAA Security Manual that includes the HIPAA policies and procedures that the practice is following.
Our tool is designed to provide your practice with guidance on how to minimize the probability of a HIPAA event, and the documentation necessary to demonstrate that you have implemented a Culture of Compliance in your practice.
In addition to the documentation and guidance in the hard bound manual that we provide to your practice, we also have regular webinars on HIPAA compliance. These include monthly training webinars that educate all members of your staff about their responsibilities when dealing with sensitive health information, whether it is printed, stored on electronic media, or spoken. Under the HIPAA regulations each and every member of your staff and workforce must be trained on HIPAA annually. This course is repeated monthly so that new members of your practice workforce can be trained on HIPAA within 30 days of joining your practice.
We also provide monthly webinars for administrators, security officers, and privacy officers that take a deeper dive into topics that these individuals need to understand as part of their role as practice leaders. The topics of these webinars change regularly, and our clients are encouraged to attend as many of these informative webinars as possible.
We have a comprehensive package that includes:
The Risk Analysis
The Risk Mitigation Plan
The Bound HIPAA Security Policy and Procedures Manual
Sample Notice of Privacy Practices forms
Sample Business Associate forms
HIPAA Staff Training Webinars
HIPAA Training webinars for Administrators and Officers
The physical space and technical infrastructure of each practice location are different; therefore, a customized HIPAA Security Policy and Procedure Manual must be created for each practice location. Our pricing structure is based upon how many locations your practice has. The program is $649 annually. We have discounts available through our association with various Electronic Health Record Vendors and other organizations. For more information on these discounts visit the Corporate Partners Page.