HIPAA Security Risk Assessment

Protecting electronic protected health information (e-PHI) from data breach, theft, and misuse has never been more essential.

Talk to Us Today

The Administrative Safeguards of the HIPAA Security Rule require covered entities and their business associates to conduct a periodic risk analysis as part of their security management program. Specifically, Section 164.308 (ii) (A) reads as follows:

Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.

While no specific timeframes are mandated, the intent of the requirement is that risk analysis should be an ongoing process in which the covered entity or business associate periodically evaluates the effectiveness of existing security measures and regularly reviews potential risks to e-PHI. It has become generally accepted practice to perform HIPAA security risk assessments on an annual basis.

Our process.

When conducting a HIPAA security risk assessment, Agio performs an initial “gap analysis” between our client’s current state and the requirements in the HIPAA Security Rule. This process includes an evaluation of all controls including policies, procedures, and technical safeguards.

Contact Us

Our comprehensive HIPAA security risk assessment also identifies existing vulnerabilities in the IT infrastructure, including physical access levels by personnel and third-party vendors. Potential threats to the confidentiality and integrity of e-PHI, as well as to the access and availability of systems, applications, devices, and databases will be enumerated and evaluated. While not explicitly required, we believe a comprehensive penetration test should be conducted to identify risks and effectively validate controls.

The risk analysis includes:

Evaluation

We evaluate the likelihood and impact of potential risks to e-PHI.

Recommendations

We recommend appropriate security measures to address the risks identified.

Corrective Action Plan

We document the recommended security measures and the rationale for adopting those measures.

Security Protections

We determine the reasonable and appropriate security protections that need to be implemented, continuously maintained, and regularly reviewed.

Trending resources.

Healthcare cybersecurity governance

HIPAA Safe Harbor Bill Becomes Law & Incentivizes Security

Read More
Cyber insurance

No Detection and Response? No Cybersecurity Insurance.

Read More
cybersecurity

Can Your Employees Handle an Attack Every 11 Seconds?

Read More

Connect with us.

Come Join Us at the HFM Billion Dollar Leaders Summit!

Agio is thrilled to announce our sponsorship at the HFM Billion Dollar Leaders Summit 2024, taking place at the stunning Gurney’s Montauk in New York.

Join us May 6th-7th, 2024 for this event where industry leaders converge to discuss the latest trends and strategies shaping the future of finance.

We look forward to seeing you there!

 

Come Join Us at the HFM Billion Dollar Leaders Summit!
The Agio Vision

This is the heading content

This is the text content

 

testing
Agio Academy
(function(d,b,a,s,e){ var t = b.createElement(a), fs = b.getElementsByTagName(a)[0]; t.async=1; t.id=e; t.src=s; fs.parentNode.insertBefore(t, fs); }) (window,document,'script','https://tag.demandbase.com/0825d0a2.min.js','demandbase_js_lib');