Security Risk Analysis

Performing a security risk analysis is a HIPAA requirement … and a smart business practice.

The HIPAA Security Rule requires covered entities to conduct an annual risk assessment of their health care organization. Electronic protected health information is critical to your business and vital to the care of your patients. Conducting a security risk analysis (SRA) will help identify areas where protected health information (PHI) could be at risk.

All electronic protected health information (ePHI) that is created, received, maintained or transmitted by an organization is subject to the Security Rule. The rule also requires entities to evaluate risks and vulnerabilities in their environment and implement appropriate security measures to protect the integrity and security of ePHI.

Completing a SRA and correcting any deficiencies are core requirements for many incentive programs such as the Quality Payment Program and the Promoting Interoperability program (formerly Meaningful Use). The SRA should be performed annually to be HIPAA compliant and meet reporting requirements.

What our SRA services can do for your practice

  • Align policies and procedures with HIPAA standards
  • Develop custom privacy and security policies and procedures
  • Identify and document potential threats, vulnerabilities and possible impact to your operations
  • Provide guidance on documenting corrective actions needed to mitigate identified risks
  • Deliver report findings and supporting documentation
  • Perform virtual desktop review of your existing policies and procedures
  • Consult, educate and guide your staff on HIPAA best practices
  • Reduce your clinical staff burden

Benefits of working with AFMC

  • Nearly 10 years’ experience successfully completing more than 1,600 SRAs
  • Expertise and in-depth knowledge of HIPAA compliance standards and SRA requirements
  • Proprietary tools and processes that address the key SRA components: Technical, administrative and physical safeguards
  • On-site assessments available (virtual or in-person)

What our customers say …

“This was our first experience using AFMC for our SRA. I was a little apprehensive in the beginning, but the entire SRA went very well, and it was easier than I had anticipated. AFMC’s team of experts were available to answer my questions and guide me through the entire process. I am very satisfied and have already recommended AFMC to others.”

Kelly Chitty. Office Administrator
Bertram Kaplan, M.D., Dermatology
West Memphis, Ark.

“As a former CIO for a large primary care system and now CTO for a national healthcare group, I can attest to the importance of obtaining a proper and thorough security risk assessment from a competent third-party entity. With the ever-present HIPAA Security Rule constantly changing it is extremely difficult to understand these changes, much less where an organization might be at risk. Having AFMC conduct our SRA’s delivered a huge benefit to us through their ability to large-scale and provide meaningful feedback relative to actual site visits relative to compliance. I highly recommend the AFMC Team!”

Greg L. Wolverton, FHIMSS
Chief Technology Officer
CSI Solutions, LLC

Additional Resources

Yes, I'd like a consultation

Learn more about a security risk analysis

Security Risk Analysis flyer image