Nine Components of a HIPAA Risk Analysis

The Department of Health and Human Services requires organizations to conduct a risk analysis as the first step toward implementing safeguards specified in the HIPAA Security Rule, and ultimately achieving HIPAA compliance. But what does a risk analysis entail, and what do you absolutely have to include in your report?

The HHS Security Standards Guide outlines nine mandatory components of a risk analysis that healthcare organizations and healthcare-related organizations that store or transmit EPHI (electronic protected health information) must include in their document:

Scope of the Analysis – Any potential risks and vulnerabilities to the privacy, availability and integrity of EPHI. This includes all electronic media your organization uses to create, receive, maintain or transmit EPHI – portable media, desktops and networks. Network security between multiple locations is also important to include in the scope of the analysis, and may include aspects of your HIPAA hosting terms with a third-party or Business Associate.
Data Collection – Where does the EPHI go? Locate where data is being stored, received, maintained or transmitted. Again, if you’re hosting health information at a HIPAA compliant data center, you’ll need to contact your hosting provider to document where and how your data is stored.
Identify and Document Potential Threats and Vulnerabilities – Identify and document any anticipated threats to sensitive data, and any vulnerabilities that may lead to leaking of EPHI. Anticipating potential HIPAA violations can help your organization quickly and effectively reach a resolution.
Assess Current Security Measures – What kind of security measures are you taking to protect your data? From a technical perspective, this might include any encryption, two-factor authentication, and other security methods put in place by your HIPAA hosting provider.
Determine the Likelihood of Threat Occurrence – Take account of the probability of potential risks to EPHI – in combination with #3 Potential Threats and Vulnerabilities, this assessment allows for estimates on the likelihood of EPHI breaches.
Determine the Potential Impact of Threat Occurrence – By using either qualitative or quantitative methods, assess the maximum impact of a data threat to your organization. How many people could be affected? What extent of private data could be exposed – just medical records, or both health information and billing information combined?
Determine the Level of Risk – HHS suggests taking the average of the assigned likelihood (#5) and impact levels (#6) to determine the level of risk. Documented risk levels should be accompanied by a list of corrective actions that would be performed to mitigate risk.
Finalize Documentation – Write everything up in an organized document – HHS doesn’t specify any format, but they do require the analysis in writing.
Periodic Review and Updates to the Risk Assessment – It’s important the risk analysis process is ongoing – one requirement includes conducting a risk analysis on a regular basis. While the Security Rule doesn’t set a required timeline, HHS recommends organizations conduct another risk analysis whenever your company implements or plans to adopt new technology or business operations. This could include switching your data storage methods from managed servers to cloud computing, or any ownership or key staff turnover.

HIPAA Risk Analysis Components

Looking for HIPAA resources from organizations that have HIPAA policies, procedures and training materials in place? View HIPAA resource links on our site, or watch an educational webinar on the legal implications of HIPAA, HITECH, BAAs and the law.

READ

Why Smart Data is the Key to Future Lending

Source:
HIPAA Security Standards: Guidance on Risk Analysis from HHS.gov

You must log in to post a comment.

5 Ways Big Data is Transforming Customer Service

Data Mining Can Be a Game Changer for Small Businesses

Modern Mac Malware Is Worse Than Your Wildest Dreams

The World of Digital Marketing Has Certainly Evolved

Education and the Blockchain – Should We be Teaching Blockchain in Schools?

Leveraging Data with Business Intelligence Analytics Tools

How the Internet of Things is Changing Big Data Analytics

Can Business Intelligence Answer the Questions Asked of it Without Big Data?

6 Ways Big Data Analytics Is Changing the E-Commerce Industry

How to Overcome Data Visualisation Problems

Current Landscape and Applications of Blockchain Explained

How Big Data Is Driving Airline Loyalty Programs

The Enterprise Graph – From Connections To Customer Insights

Can Smart Data Ensure Cybersecurity and Data Protection?

5 Ways Big Data Is Transforming Finance

Big Data is Cutting Spreads and Making Forex Trading More Cost-Effective

Why Every College Student Should Study Predictive Analytics

Dark Data: The hidden billion dollar opportunity

Quality vs Quantity in Customer Service Analytics

4 Customer Retention Metrics for Data-Driven Ecommerce

Emotions: The Next (but not new) Frontier in Artificial Intelligence & Cognitive Computing

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

How big data is affecting social media metrics and Facebook ad strategies

Report: Brands Use Advanced Analytics to Reach Double Digit Growth

Dark Data: The hidden billion dollar opportunity

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

How to Be a Text Analytics Rock Star in your Organization

Text Analytics: It’s Not Just for BIG Data

The Smart Data Lake Imperative

Data-Driven Facts for Better Blogging

How to Make Site Search a Conversion Tool

Get The Best Out Of Your Marketing Strategy By Integrating Analytics

The Types of Simple Queries Businesses Need to Ask that Spark Growth

How Did Big Data Create a Modern Day Manufacturing Workforce?

The 7 Biggest Data Trends to Watch in Finance for 2017

Taking Data Visibility to the Office Walls

What Led to the Recent Huge Buzz Around Analytics?

Client Scheduling Data: How Past Behavior Predicts The Future

How to Accomplish Data Monetization?

7 Great Benefits of Big Data in Marketing

Small Business Data Backup and Safety Tips

Big Data, Data Mining and Machine Learning: Deriving Value for Business

Data Mining Can Be a Game Changer for Small Businesses

Overcoming the Challenges of Big Data Clustering

5 Challenges Your Company Has to Overcome to Succeed in Data Mining

Can Smart Data Ensure Cybersecurity and Data Protection?

How to Overcome Data Visualisation Problems

How Human Centered Design and Big Data Are Merging in 2017

How to Scale Your Big Data Project Effectively

How to Overcome Data Visualisation Problems

Data Driven: 5 Ways Automakers Use Big Data to Improve Their Products

Taking Data Visibility to the Office Walls

6 Key Capabilities an Embeddable Analytics Software Should Deliver

Dropbox or Box – Which Cloud Storage For Small Businesses

Overcoming the Challenges of Big Data Clustering

What is an Enterprise Data Warehouse?

How Much Is Data Center Downtime Costing You?

Social Media and Big Data Are Creating a New Generation of Millionaires

Can Smart Data Ensure Cybersecurity and Data Protection?

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

Are Instagram Stories a Big Data Goldmine?

The 7 Biggest Data Trends to Watch in Finance for 2017

Data Driven: 5 Ways Automakers Use Big Data to Improve Their Products

Thinking Efficiency: IT, OT, And The Issue Of Migration

Is Big Data Security Still Lacking?

New Features of CRM that has Revolutionized Microsoft Dynamics 365

Medical AI Isn’t Just Beneficial – It’s Becoming Necessary

Leveraging Data with Business Intelligence Analytics Tools

How to Apply Agile Marketing Strategies to Data Driven Enterprises

Medical AI Isn’t Just Beneficial – It’s Becoming Necessary

Robots Could Hold Nearly 40 Percent of American Jobs by Early 2030s

Big Data is Leading the Fight Against Fake News

Keep calm, AI is not About to Make Marketers Obsolete

The Enterprise Graph – From Connections To Customer Insights

Will Predictive Analytics and POS Save Small Retailers from Extinction?

Leveraging The Cloud, New Technology and Video To Effectively Manage A Growing Global Workforce

In a World Full of Data, Can Analytics See the Market Trends?

New Features of CRM that has Revolutionized Microsoft Dynamics 365

Key Points from Microsoft Dynamics 365 Tech Conference

Customer Feedback and Data Analysis: The Keys to a Good Customer Retention Rate