Keep Your Medical Clinic Out Of Hot Water With The HIPAA Police!


April 7, 2014

Conduct a HIPAA Security Risk Analysis and Implement Appropriate Safeguards

For healthcare providers, security breaches involving protected health information (PHI) have become common occurrences. Many of these security breaches involve stolen laptops or other portable electronic devices, including CDs, DVDs, and USB flash drives. According to HIPAA, covered entities must ensure appropriate safeguards are in place to protect ePHI.

In addition, a risk analysis must be conducted to identify and implement the appropriate safeguards. There are 9 essential elements to incorporate into a risk analysis:

  • Scope of the Analysis: Review all ePHI created, received, maintained, or transmitted by your organization.
  • Data Collection: Gather and document the data on ePHI gathered using the methods above.
  • Identify and Document Potential Threats: Identify and document any potential threats and vulnerabilities associated with ePHI.
  • Assess Current Security Measures: Assess and document the current security measures used to protect ePHI.
  • Determine the Likelihood of Threat Occurrence: Consider the likelihood of potential risks to ePHI.
  • Determine the Potential Impact of Threat Occurrence: Consider the impact of potential risks to confidentiality, integrity, and availability of ePHI.
  • Determine the Level of Risk: Analyze the likelihood of threat occurrence and the resulting impact to determine the level of risk.
  • Finalize Documentation: Document the risk analysis from beginning to end.
  • Review and Update the Risk Assessment: Update and document the risk analysis process on a regular basis.

Once you’ve conducted a risk analysis, start implementing appropriate security measures to protect ePHI and mitigate the risk of a security breach. Here’s a few examples of appropriate safeguards:

  • Require two-factor authentication to gain remote access to systems containing ePHI.
  • Enforce session termination on inactive portable or remote devices.
  • Install and update anti-virus software on portable or remote devices.
  • Install firewalls on laptops that store ePHI.
  • Encrypt ePHI stored on laptops and other devices.
  • Password protect all laptops or portable devices containing ePHI.
  • Establish remote access roles specific to business requirements.
  • Implement strong encryption for transmission of ePHI.

To learn more about the elements of a HIPAA security risk analysis, give us a call at (888) 330-8808 or send us an email at [email protected]. Integris can help you conduct a thorough risk analysis and implement appropriate safeguards to protect ePHI.

We're Integris. We're always working to empower people through technology.

Keep reading

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...

7 Signs Your Denver Business Needs a Tech Update

Regardless of size or industry, technology is an essential part of every Denver business. That being said, technological improvements and advancements can develop quite quickly, leaving some businesses scrambling to keep up. While many businesses cite expenses in the...

Cybersecurity best practices for Boston Businesses

Securing your businesses sensitive data, networks, and devices is non-negotiable in the technologically-driven world we live in. Whether you are a small business or or corporation in Boston, it is imperative that you prioritize cybersecurity. It is no longer enough to...