HIPAA Risk Assessment

You are here: Home » Services » HIPAA and Compliance » HIPAA Risk Assessment

The requirement to complete a HIPAA Risk Assessment has been in place since the original HIPAA Privacy Rule was issued in 2003. However, very few healthcare organizations have completed such an assessment.

Expert HIPAA Risk Analysis and Risk Assessment

The Fox Group can assist your organization with performing a HIPAA Risk Assessment. Many organizations perform these audits internally, but an outside review can sometimes be more thorough, and the advice you receive on compliance will not be predetermined by the approach the organization has previously taken to such compliance. Don’t leave your organization subject to fines and negative publicity associated with a privacy breach.

The Fox Group is well versed in addressing the details needed to help your organization comply with current HIPAA regulations and to set up systems that will benefit you for years to come. The following will help you to further understand your organization’s responsibility and the scope of services that we provide when engaged to complete a HIPAA risk assessment.

HIPAA, HITECH, and Meaningful Use

The HITECH Act of 2009 updated the HIPAA law, introducing several additional requirements and privacy safeguards, and the Meaningful Use criteria for certified EHR technology includes a specific requirement to perform a HIPAA Risk Assessment in order to qualify for the HITECH Act incentives for adopting EHR technology. This means there are two imperatives for performing a HIPAA Risk Assessment:

The original requirement in the HIPAA Privacy Rule, and
For healthcare organizations applying for HITECH Act EHR Meaningful Use incentives, the requirement to complete a HIPAA Risk Assessment as part of certifying the organization’s use of certified EHR technology.

Proper completion of your HIPAA assessment must include both Privacy and Security Rules

The HIPAA Privacy Rule refers to those standards that protect individuals’ medical records and other personal health information. They require appropriate safeguards intended to protect the privacy of personal health information, and give patients rights over their health information.

Sample areas included in our HIPAA privacy rule assessment include:

Privacy & Confidentiality
Notice of Privacy Practices
Marketing/Fundraising/Sale of PHI
Minimum necessary Rule
Decedents
Research Authorizations

Disclosures
Employee Training
Access to PHI
HIPPA Compliance in Front and Back Office, and by Providers
Business Associate contracting activities and BA Agreements in use

The HIPAA Security Rule refers to standards intended to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate (1) administrative, (2) physical, and (3) technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

Sample areas included in our HIPAA security rule assessment include:

Security Management
Worker Sanctions
Security Responsibilities
Workforce Clearance/Termination Procedures
Authorization and Supervision of Access to ePHI
Isolation Health Clearinghouse Functions
Log-in Monitoring
Password Management
Security Incidents
Protection from Mal-ware
Security Awareness Training/security Reminders
Risk Analysis/Vulnerability Assessment
Contingency Planning

Data Backup Plan
Disaster Recovery Plan
Emergency Mode Operation Plan
Testing and Revision Procedures
Applications and Data Critical Analysis
Facility Access Controls; recommend changes/updates
Facility Security Plan, including access controls and maintenance/repairs
Workstation Use/Security Policies and practices
Policies and Procedures for Device and Media Controls (Disposal/Reuse/Accountability)
Technical (administrative) policies to manage PHI access (User ID, Emergency Access, Auto Log-off, Encryption)
Audit Controls, Integrity, Authentication (PHI and Person)
Transmission Security (Integrity and Encryption)
Breach Notification Plan/Procedures

The Fox Group works throughout the U.S., so Contact Us and get the expert assistance that you need in order to ensure that your organization if comfortably complying with today’s HIPAA requirements. We think you’ll be glad you did.

Google+

Excellence since 1989

The Fox Group was founded in 1989 and has provided outstanding healthcare consulting and executive management services to domestic and international clients throughout the United States and Europe.

Languages

Latest Articles

Twitter

RT @andrewspong: 'Circus Challenge', a computer game to help rehabilitate stroke patients http://t.co/neFmLxNN | BBC #hcsmeu #gamification about 1 day ago
@kburnsmd A few years ago I was at a charity auction and the big prize was limo service > box seats at Dodgers game > and dinner with Tommy! about 3 days ago in reply to kburnsmd

@tmlfox