Security Risk Analysis (SRA)
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities of their health care organization’s electronic protected health information (ePHI).
Once you have completed the risk analysis, you must take additional steps to reduce the identified risks.
Why conduct a security risk analysis?
- Protect your patient’s electronic personal health information (ePHI)
- Comply with Federal Law and Reputation (HIPAA and HITECH)
- Successfully report the MIPS ACI component of the Quality Payment Program
- Successfully report the SRA requirement of the Medicaid EHR incentive Program
Why is this important?
- It’s the law (HIPAA and HITECH)
- You can be audited
- You are legally responsible for avoiding security incidents and breaches
- You can be fined
- Your patients trust and expect you to protect their personal health information
- Your reputation depends on it
How can AFMC HealthIT help you?
- Enable self-review of your ePHI protection program
- Identify vulnerabilities in your ePHI protection program
- Articulate an action plan to mitigate each vulnerability
- Document findings to support SRA audit
- Provide tools and resources to mitigate identified risk
Selected as the Regional Extension Center for Arkansas, AFMC HealthIT performed SRAs for eligible professionals who participated with the REC program in their effort to achieve Stage 1 of Meaningful Use. We developed and refined a unique and innovative SRA process that includes:
- Policy and procedure templates
- A suite of helpful forms and tools
- Onsite facility inspections offered in-state, when requested (additional cost)
AFMC HealthIT’s team of experienced and certified assessors assists practices by performing annual SRAs. It is important to note that none of AFMS’s SRA practices have ever failed an audit due to a deficient HIPAA SRA.
Protect your practice’s ePHI by contacting us today.
Want to learn more about Security Risk Analysis?