HIPAA Risk Assessment
A study conducted between August 2009 and the end of 2010 revealed six million breaches of ePHI (electronic protected health information). The study included single breaches affecting 500 or more patients, which must be reported to individuals, the media and the DHHS (Department of Health and Human Services). Sixty-one percent of breaches resulted from malicious intent, and 40% of breached records involved BAs (business associates).
As EHRs (electronic health records) gain prominence with healthcare organizations' efforts to move toward meaningful use, more interoperable and more accessible ePHI also means more vulnerable ePHI. Compliance experts advise a proactive approach to safeguarding ePHI, and the HIPAA Security Rule requires healthcare entities to conduct a risk analysis. This includes an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI.
Risk assessment methods may vary, but they are required to contain elements such as defining the scope of the analysis, collecting data, identifying and documenting potential threats and vulnerabilities, assessing current security measures, determining the likelihood of threat occurrence, and determining the level of risk, to name a few. The point is to understand the risk and then mitigate it.
A thorough HIPAA risk assessment requires a grasp of the core business functions of the organization in addition to careful analysis of where and how data lives and moves. As a CE (covered entity), you cannot afford a security breach or a violation of the HIPAA Privacy and Security Rules.
Posted on March 20, 2011.