
HIPAA Compliance Assessment and Risk Analysis

October 29, 2015 by Boost IT

Avoid HIPAA Fines


The HIPAA assessment can include documentation for a number of different modules. There is a link to download a FREE HIPAA Assessment tool below.

HIPAA Policies & Procedures

The Policy and Procedures are the best practices that our industry experts have formulated to comply with the technical requirements of the HIPAA Security Rule. The policies spell out what your organization will do while the procedures detail how you will do it.

In the event of an audit, the first thing an auditor will inspect is the Policies and Procedures documentation. This is more than a suggested way of doing business. The Policies and Procedures have been carefully thought out and vetted, referencing specific code sections in the Security Rule and supported by the other reports included with the HIPAA Compliance module.

HIPAA Risk Analysis

HIPAA is a risk-based security framework, and the production of a Risk Analysis is one of the primary requirements of the HIPAA Security Rule’s Administrative Safeguards. In fact, a Risk Analysis is the foundation for the entire security program.

It identifies:

  • the locations of electronic Protected Health Information (ePHI),
  • vulnerabilities to the security of the data, and
  • threats that might act on the vulnerabilities.

It also estimates both the likelihood and the impact of a threat acting on a vulnerability.

The Risk Analysis helps HIPAA Covered Entities and Business Associates identify:

  1. the locations of their protected data,
  2. how the data moves within, and in and out of, the organization,
  3. what protections are in place, and
  4. where there is a need for more protections.

The Risk Analysis results in a list of items that must be remediated to ensure the security and confidentiality of ePHI. The value of a Risk Analysis cannot be overstated. Every major data breach enforcement of HIPAA, some with penalties over $1 million, has cited the absence of, or an ineffective, Risk Analysis as the underlying cause of the data breach. The Risk Analysis must be run or updated at least annually, and more often if anything significant changes that could affect ePHI.

In fact, HealthIT.gov provides a FREE HIPAA Risk Analysis tool you can download and run yourself.

HIPAA Risk Profile

A Risk Analysis should be done no less than once a year. However, we can create an abbreviated version of the Risk Analysis called the HIPAA Risk Profile designed to provide interim reporting in a streamlined and almost completely automated manner.

Whether performed monthly or quarterly, the Risk Profile updates the Risk Analysis and documents progress in addressing previously identified risks, and finds new ones that may have otherwise been missed and resulted in a data breach.

Other Reports

We can also complete a HIPAA Management Plan report, Evidence of HIPAA Compliance report, Disk Encryption Report, File Scan Report, and User and Computer Identification Reports.

Call Boost IT at 404-865-1289 if you want to get in compliance. It’s easier than you think.
