Security Risk Analysis
Performing a security risk analysis is a HIPAA requirement … and a smart business practice.
The HIPAA Security Rule requires covered entities to conduct an annual risk assessment of their health care organization. Electronic protected health information is critical to your business and vital to the care of your patients. Conducting a security risk analysis (SRA) will help identify areas where protected health information (PHI) could be at risk.
All electronic protected health information (ePHI) that is created, received, maintained or transmitted by an organization is subject to the Security Rule. The rule also requires entities to evaluate risks and vulnerabilities in their environment and implement appropriate security measures to protect the integrity and security of ePHI.
Completing a SRA and correcting any deficiencies are core requirements for many incentive programs such as the Quality Payment Program and the Promoting Interoperability program (formerly Meaningful Use). The SRA should be performed annually to be HIPAA compliant and meet reporting requirements.
AFMC’s SRA team will:
- Align your policies and procedures with HIPAA standards
- Develop custom privacy and security policies and procedures
- Identify and document potential threats and vulnerabilities to your operations
- Provide guidance on documenting corrective actions needed to lessen risks
- Deliver report findings and supporting documentation
- Provide guidance on incentive program requirements
- Consult, educate and guide your staff on HIPAA best practices
- Reduce your clinical staff burden
AFMC’s SRA team has:
- 10 years’ experience successfully completing more than 1,600 SRAs covering 4,000 clinicians
- Expertise and in-depth knowledge of HIPAA compliance standards and SRA requirements
- Proprietary tools and processes that address the key SRA components: Technical, administrative and physical safeguards
- On-site assessments available (virtual desktop or in-person)
Learn more about a security risk analysis