HIPAA RISK ASSESSMENT/ANALYSIS
HIPAA has required risk assessments since 2003. However, few healthcare providers have completed the assessment.
The rule was put in place to help healthcare providers uncover potential weaknesses in their security policies, processes and systems.
It requires organizations that handle protected health information to put in place and then regularly review their administrative, physical and technical safeguards to protect the security of their patients’ protected health information.
Merit-Based Incentive Payment System (MIPS)
According to the HIPAA Security Rule, a risk assessment must be conducted in order to successfully attest to the government’s requirements for the Medicare and Medicaid EHR incentive program, and to ensure the privacy and security of patients’ protected health information.
The "recurring" risk assessment process will consist of:
- Observing and identifying
- Documenting
- Gathering
- Interviewing
- Developing remediation plans and
- Working with management to prioritize and design a risk mitigation plan
Note: Our HIPAA program does not include computer software support, practice management software support, computer hardware support or internet technology support or services.
Please allow half a day to a full day, depending on the size and complexity of the facility, to complete the assessment. We require the assistance of the Practice Manager or designated HIPAA compliance officer in order to conduct the assessment.