HIPAA Risk Assessment

A report conducted between August 2009 and the end of 2010 revealed six million breaches of ePHI (electronic protected health information). The study included single breaches of 500 or more patients, which must be reported to individuals, the media and the DHHS (Department of Health and Human Services). Sixty-one percent of breaches resulted from malicious intent, and 40% of breached records involved BAs (business associates).

As EHRs (electronic health records) gain prominence with efforts by healthcare organizations to move toward meaningful use, more interoperable and more accessible ePHI also means more vulnerable ePHI. Compliance experts advise a proactive approach to safeguarding ePHI, and the HIPAA Security Rule requires healthcare entities to conduct a risk analysis. This includes an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI.

Risk assessment methods may vary, but they are required to contain elements such as the scope of the analysis, data collection, identification and documentation of potential threats and vulnerabilities, assessment of current security measures, determination of the likelihood of threat occurrence, and determination of the level of risk, to name a few. The point is to understand the risk and then mitigate it.

A thorough HIPAA risk assessment requires a grasp of the core business functions of the organization in addition to careful analysis of where and how data lives and moves. As a CE (covered entity), you cannot afford a security breach or a violation of the HIPAA Privacy and Security Rules.





About Julie

My credentials include a Master's Certificate in Health Informatics, a CHPSE certification (Certified HIPAA Privacy and Security Expert), and certification in HL7 (Health Level 7). The multidisciplinary approach to equipping myself to enter the healthcare IT sector is consistent with my professional background in sales, management, healthcare, and recruiting. I also have a BA in Organizational Psychology from the University of Michigan, which has been invaluable in my professional life for excelling in sales, change management, and laying down an excellent foundation from which I was able to build effective communication skills with professionals of all levels.

Posted on March 20, 2011, in Education and Training, HIPAA, News, Training.
