HIPAA PoliceConduct a HIPAA Security Risk Analysis and Implement Appropriate Safeguards

For healthcare providers, security breaches involving protected health information (PHI) have become common occurrences. Many of these security breaches involve stolen laptops or other portable electronic devices, including CDs, DVDs, and USB flash drives. According to HIPAA, covered entities must ensure appropriate safeguards are in place to protect ePHI.

In addition, a risk analysis must be conducted to identify and implement the appropriate safeguards. There are 9 essential elements to incorporate into a risk analysis:

  • Scope of the Analysis: Review all ePHI created, received, maintained, or transmitted by your organization.
  • Data Collection: Gather and document the data on ePHI gathered using the methods above.
  • Identify and Document Potential Threats: Identify and document any potential threats and vulnerabilities associated with ePHI.
  • Assess Current Security Measures: Assess and document the current security measures used to protect ePHI.
  • Determine the Likelihood of Threat Occurrence: Consider the likelihood of potential risks to ePHI.
  • Determine the Potential Impact of Threat Occurrence: Consider the impact of potential risks to confidentiality, integrity, and availability of ePHI.
  • Determine the Level of Risk: Analyze the likelihood of threat occurrence and the resulting impact to determine the level of risk.
  • Finalize Documentation: Document the risk analysis from beginning to end.
  • Review and Update the Risk Assessment: Update and document the risk analysis process on a regular basis.

Once you’ve conducted a risk analysis, start implementing appropriate security measures to protect ePHI and mitigate the risk of a security breach. Here’s a few examples of appropriate safeguards:

  • Require two-factor authentication to gain remote access to systems containing ePHI.
  • Enforce session termination on inactive portable or remote devices.
  • Install and update anti-virus software on portable or remote devices.
  • Install firewalls on laptops that store ePHI.
  • Encrypt ePHI stored on laptops and other devices.
  • Password protect all laptops or portable devices containing ePHI.
  • Establish remote access roles specific to business requirements.
  • Implement strong encryption for transmission of ePHI.

To learn more about the elements of a HIPAA security risk analysis, give us a call at (415) 294-5250 or send us an email at info@ontimetech.com. On Time Tech can help you conduct a thorough risk analysis and implement appropriate safeguards to protect ePHI.

Author: Lance Stone, Date: 2014-04-14

On Time Tech is your One Click & Fixed San Francisco Managed IT Services & IT Support Company.

We’ve Got the “One Click & Fixed” IT Solutions Your California Business Needs

These days, people are looking for convenience in computer support services that don’t waste their time [..]

Read More

The Benefits of Using IT Managed Services 

Discover the many benefits of partnering up with an IT Managed Service Provider. Today, many businesses a[..]

Read More

On Time Tech Makes List of Top 100 Small Business Managed Service Providers Worldwide

The team of IT experts at On Time Tech is thrilled to announce that they have been recognized as one of th[..]

Read More