Keep Your Medical Clinic Out Of Hot Water With The HIPAA Police!


April 7, 2014

Conduct a HIPAA Security Risk Analysis and Implement Appropriate Safeguards

For healthcare providers, security breaches involving protected health information (PHI) have become common occurrences. Many of these security breaches involve stolen laptops or other portable electronic devices, including CDs, DVDs, and USB flash drives. According to HIPAA, covered entities must ensure appropriate safeguards are in place to protect ePHI.

In addition, a risk analysis must be conducted to identify and implement the appropriate safeguards. There are 9 essential elements to incorporate into a risk analysis:

  • Scope of the Analysis: Review all ePHI created, received, maintained, or transmitted by your organization.
  • Data Collection: Gather and document the data on ePHI gathered using the methods above.
  • Identify and Document Potential Threats: Identify and document any potential threats and vulnerabilities associated with ePHI.
  • Assess Current Security Measures: Assess and document the current security measures used to protect ePHI.
  • Determine the Likelihood of Threat Occurrence: Consider the likelihood of potential risks to ePHI.
  • Determine the Potential Impact of Threat Occurrence: Consider the impact of potential risks to confidentiality, integrity, and availability of ePHI.
  • Determine the Level of Risk: Analyze the likelihood of threat occurrence and the resulting impact to determine the level of risk.
  • Finalize Documentation: Document the risk analysis from beginning to end.
  • Review and Update the Risk Assessment: Update and document the risk analysis process on a regular basis.

Once you’ve conducted a risk analysis, start implementing appropriate security measures to protect ePHI and mitigate the risk of a security breach. Here’s a few examples of appropriate safeguards:

  • Require two-factor authentication to gain remote access to systems containing ePHI.
  • Enforce session termination on inactive portable or remote devices.
  • Install and update anti-virus software on portable or remote devices.
  • Install firewalls on laptops that store ePHI.
  • Encrypt ePHI stored on laptops and other devices.
  • Password protect all laptops or portable devices containing ePHI.
  • Establish remote access roles specific to business requirements.
  • Implement strong encryption for transmission of ePHI.

To learn more about the elements of a HIPAA security risk analysis, give us a call at (888) 330-8808 or send us an email at Integris can help you conduct a thorough risk analysis and implement appropriate safeguards to protect ePHI.

We're Integris. We're always working to empower people through technology.

Keep reading

Cybersecurity: The Operating Expense that Makes You Money

Cybersecurity: The Operating Expense that Makes You Money

When I went to college, I, like many of you, had to lay down a lot of cash for a lot of things. Tuition. Books. A computer. Even those late-night pizzas and ramen noodles. But, in the end, those expenses were worth it, because it established a foundation for me...

Mac Cybersecurity Tips for Business

Mac Cybersecurity Tips for Business

Looking for Mac Security Services for Your Business? Here's What You Need to Know to Outfit and Secure a Mac-Based Office. It happens at nearly every business. You've built your operations around PCs, yet, there's that small contingent of employees who insist they'd...