Risk Assessment - Initial
The HIPAA requirement to conduct risk assessments has been in place since 2003. However, few healthcare providers have completed the assessment.
The rule was put in place to help healthcare providers
uncover potential weaknesses in their security policies, processes and
systems.
It requires organizations that handle protected health
information to put in place and then regularly review their administrative,
physical and technical safeguards to protect the security of their patients’ protected
health information.
Meaningful Use
According to the HIPAA Security Rule, a provider must conduct a risk assessment in order to successfully attest to the government’s requirements for meaningful use under the Medicare and Medicaid EHR incentive program, and to ensure the privacy and security of its patients’ protected health information.
The risk assessment process will consist of:
- Observing and identifying
- Documenting
- Gathering
- Interviewing
- Developing remediation plans
- Working with management to prioritize and design a risk mitigation plan
Note: Our HIPAA program does not include computer software support, practice management software support, computer hardware support, or internet technology support or services.
Please allow half a day to a full day, depending on the size and complexity of the facility, for the manager to assist in conducting a full assessment.