HIPAA Risk Assessments
All Electronic Protected Health Information (EPHI) that is created, received, maintained or transmitted by a covered entity is subject to the Security Rule. Covered entities are required to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of EPHI.
The Security Rule requires covered entities to evaluate risks and vulnerabilities in their environments and to implement policies and procedures to address those risks and vulnerabilities.
Important Things to Know
The required implementation specification at §164.308(a)(1)(ii)(A) for Risk Analysis includes a covered entity to, “[c]onduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.”
So you’re confident that your data undergoes this required assessment, we offer in our Risk Assessment program:
- Site consultation
- Site interview
- Site survey
- Electronic scans
- Physical scan
- Generated reports of collected data
- Official documentation for office use