Top 5 Requirements for HIPAA Assessment
What’s Required for a HIPAA Risk Assessment?
Many clients ask us what is required for a HIPAA Risk Assessment. Our team of compliance experts has identified the following top 5 things for you and your organization to consider for a HIPAA risk assessment:
- Identify the PHI that your organization creates, receives, stores, and transmits – including PHI shared with consultants, vendors, and Business Associates.
- Identify the human, natural, and environmental threats to the integrity of PHI. Human threats include both intentional and unintentional ones.
- Assess what measures are in place to protect against threats to the integrity of PHI, and the likelihood of a “reasonably anticipated” breach occurring.
- Determine the potential impact of a PHI breach and assign each potential occurrence a risk level based on the average of the assigned likelihood and impact levels.
- Document the findings and implement measures, procedures, and policies where necessary to tick the boxes on the HIPAA compliance checklist and ensure HIPAA compliance.
A HIPAA risk assessment is not a one-time requirement, but a regular project necessary to ensure continued HIPAA compliance. The HIPAA risk assessment and an analysis of its findings should be reviewed when changes to the workforce, work practices, or technology occur.
To ensure compliance with HIPAA Rules and provide you with HIPAA certification, Drummond has a team of HIPAA experts ready to assist you through the process.