Risk Assessment

HIPAA's requirement to conduct risk assessments has been in place since 2003. However, few healthcare providers have completed the assessment.

The rule was put in place to help healthcare providers uncover potential weaknesses in their security policies, processes and systems. 

It requires organizations that handle protected health information to put in place and then regularly review their administrative, physical and technical safeguards to protect the security of their patients’ protected health information.


Meaningful Use

According to the HIPAA Security Rule, a risk assessment must be conducted in order to successfully attest to the government’s requirements for meaningful use under the Medicare and Medicaid EHR incentive program, and to ensure the privacy and security of patients’ protected health information.

The risk assessment process will consist of:

      • Observing and identifying
      • Documenting
      • Gathering
      • Interviewing
      • Developing remediation plans and
      • Working with management to prioritize and design a risk mitigation plan

Note: Our HIPAA program does not include computer software support, practice management software support, computer hardware support, or internet technology support or services.

Please allow half a day to a full day, depending on the size and complexity of the facility, for the manager to assist in conducting a full assessment.