Security Risk Assessment

Taking the Anxiety Out of Security Risk Assessments

Preparing for and performing a Security Risk Assessment (SRA) can cause considerable anxiety, but not if you are prepared. Although the requirement for a Security Risk Assessment has been around since HIPAA was enacted in 2006, the implementation of Meaningful Use brought this requirement into the spotlight.

It is very important to complete an SRA annually for your practice. If there is a data breach and an SRA has not been performed, then you are more likely to face a fine/penalty and or other sanctions. Be sure you have the tools and knowledge you need to perform a valuable risk assessment in 2020.

In a risk assessment the three types of safeguards that need to be examined are:

  • Administrative
  • Technical
  • Physical

For each safeguard there should be a description of what your practice has in place to address the requirements in the HIPAA privacy rule and the likelihood and impact of a breach if the safeguard is not in place.

In the event one of the requirements for a safeguard has not been addressed in your practice, remediation that will be put in place should be documented, as well as who will be responsible to address the issue and anticipate completion date. For each safeguard area there are required risk mitigations so those have to be in place.

Some safeguards are considered standard so they have to be put in place as described but time can be taken to remediate any that are not in place. Some are addressable. These are things that can be in documented as having safeguards in place, a workaround to mitigate risk.

Finally there are those that are required. Those are required to be in place immediately.

Please reach out to us for help with your Security Risk Assessment. Our assistance and tools are available at no cost to your practice. We have a risk assessment tool that has questions that cover each safeguard noted in the HIPAA law.

We also have a template of Information Technology policies and procedures that can be customized for your practice. If you currently only have a hard copy resource, this template will give what is needed in an electronic form so it does not have to be transcribed electronically.

Please contact us at techassist@qsource.org or 1-844-205-5540 for assistance and or to receive these invaluable tools.

There are also resources here.

To dig deeper into the details of best practices for preparing and performing a Security Risk Analysis, join our roundtable Office Hours on June 26 at 2PM CT/3 PM ET. You can register here.