Keep Your Medical Clinic Out Of Hot Water With The HIPAA Police!


April 7, 2014

Conduct a HIPAA Security Risk Analysis and Implement Appropriate Safeguards

For healthcare providers, security breaches involving protected health information (PHI) have become common occurrences. Many of these security breaches involve stolen laptops or other portable electronic devices, including CDs, DVDs, and USB flash drives. According to HIPAA, covered entities must ensure appropriate safeguards are in place to protect ePHI.

In addition, a risk analysis must be conducted to identify and implement the appropriate safeguards. There are 9 essential elements to incorporate into a risk analysis:

  • Scope of the Analysis: Review all ePHI created, received, maintained, or transmitted by your organization.
  • Data Collection: Gather and document the data on ePHI gathered using the methods above.
  • Identify and Document Potential Threats: Identify and document any potential threats and vulnerabilities associated with ePHI.
  • Assess Current Security Measures: Assess and document the current security measures used to protect ePHI.
  • Determine the Likelihood of Threat Occurrence: Consider the likelihood of potential risks to ePHI.
  • Determine the Potential Impact of Threat Occurrence: Consider the impact of potential risks to confidentiality, integrity, and availability of ePHI.
  • Determine the Level of Risk: Analyze the likelihood of threat occurrence and the resulting impact to determine the level of risk.
  • Finalize Documentation: Document the risk analysis from beginning to end.
  • Review and Update the Risk Assessment: Update and document the risk analysis process on a regular basis.

Once you’ve conducted a risk analysis, start implementing appropriate security measures to protect ePHI and mitigate the risk of a security breach. Here’s a few examples of appropriate safeguards:

  • Require two-factor authentication to gain remote access to systems containing ePHI.
  • Enforce session termination on inactive portable or remote devices.
  • Install and update anti-virus software on portable or remote devices.
  • Install firewalls on laptops that store ePHI.
  • Encrypt ePHI stored on laptops and other devices.
  • Password protect all laptops or portable devices containing ePHI.
  • Establish remote access roles specific to business requirements.
  • Implement strong encryption for transmission of ePHI.

To learn more about the elements of a HIPAA security risk analysis, give us a call at (888) 330-8808 or send us an email at [email protected]. Integris can help you conduct a thorough risk analysis and implement appropriate safeguards to protect ePHI.

We're Integris. We're always working to empower people through technology.

Keep reading

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

As a business owner, it's important to make the most of your resources. This includes finding cost-effective solutions for managing and maintaining your company's technology. Keeping a competitive edge in your industry requires secure, modern tech that allows your...

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

If you’re wondering where to find top IT services in Minneapolis, it’s important to identify providers that offer a wide range of support, have great service and provide solid tech expertise. Comprehensive technology insight is especially important when it comes to IT...

Webinar: Email Security that Doesn’t Suck…

Webinar: Email Security that Doesn’t Suck…

Trustifi and Security 7 present Email Security That Doesn’t Suck.  In today’s age of over-complicated security tools, it is extremely difficult to manage the fine balance between security and productivity.   {% video_player "embed_player" overrideable=False,...