The HIPAA Security Rule addresses electronic protected health
information or ePHI. According to the HIPAA Security Law, organizations must
conduct an accurate and thorough assessment of the potential risks and
vulnerabilities to the confidentiality, integrity, and availability of
electronic protected health information held by the covered entity, otherwise
known as a Risk Analysis.

MedCo Data brings you a cost-effective solution and roadmap to complete a
thorough Risk Analysis. It is a complete application for analyzing,
documenting, and implementing your computer and technical security environment.

What is Risk Analysis?

The objective of risk analysis is to "Conduct an accurate and thorough
assessment of the potential risks and vulnerabilities to the confidentiality,
integrity, and availability of electronic protected health information held by
the covered entity" (164.308(a)(1)(ii)(A)).

Risk analysis is the first process in the area of risk management. The final
HIPAA Security Rule establishes both risk analysis and risk management as
required implementation specifications.
The HIPAA security risk analysis should be one of the first activities you do!
Specifically, this means:
- Analyze the risks and vulnerabilities to the ePHI each covered
  entity creates, maintains, stores or transmits.
- Understand the probability of these risks and vulnerabilities.
- Assess measures already in place to reduce these risks.
- Analyze the entity's information and applications to find what is
  critical and what is not.
- Conduct a formal risk analysis that balances the cost of
  security against the expected value of losses.
- As a result of the analysis, each entity must have a formal risk
  management process that reduces risk to an acceptable level.

Through research and industry experience,
MedCoData has developed systems to effectively manage the HIPAA risks of health
care organizations in a package that will not break the budget. Call us today to
learn more.