IT Security Risk Assessments

HIPAA IT Security Risk Assessment and Recommendations:

The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.

We help organizations that handle protected health information by reviewing the administrative, physical and technical safeguards they have in place to protect that information. These risk assessments uncover potential weaknesses in security policies, processes and systems, and help providers address vulnerabilities before they lead to a breach of electronic health information or another adverse security event. A rigorous risk assessment process supports improved security of patient health data. The assessment is organized around five core concepts:

  • Risk
  • Threat
  • Vulnerability
  • Impact
  • Controls

Risk is a function of Threats x Vulnerabilities x Likelihood and Impact/Consequence. It is subjective and qualitative in nature, and implementing controls can reduce it.