Assess Your Risks
Regulatory Compliance Risk Assessment
In order to ensure you have a comprehensive plan for maintaining HIPAA compliance, you have to know where the gaps are. This involves conducting ongoing risk assessments of your processes.
You should conduct an assessment each time you set out to establish or revise your processes. Since the nature of your business and the laws governing the protection of patient information can change quickly and frequently, it’s important to assess your risks on a regular basis.
Some important considerations:
- Conduct a risk analysis of where and how protected health information is being used to identify vulnerabilities in your HIPAA policies and procedures.
- Conduct regular reviews of your information system activity to track access and identify any potential anomalies.
NOTE: Computers aren’t the only place where electronic patient health information could be at risk. Photocopiers and printers often store scanned or printed documents in their memory or print queue. Be sure your risk assessment considers these and other potential places where information might be stored, and create policies to address them.
HIPAA Risk Assessment Tools
How can the HIPAA Institute help?
The HIPAA Institute offers a set of tools to take the guesswork out of conducting a compliance risk assessment, so you can take commercially reasonable actions to ensure your patient information and trust stay intact.
- Risk assessment checklist: Series of questions designed to help identify potential gaps in your compliance plan.
- Website and Privacy checklists: Online checklists to help you get your website and organization in compliance.
- Security checklist: Online checklist to help you assess implementation of different regulations and safeguards for HIPAA Security Rule in your organization.
- Vulnerability Assessment: A checklist to identify the core areas that an organization should address within the broad spectrum of risk analysis.
- On-Site HIPAA Inspection Checklist: A checklist that has been designed to help you perform your own inspection of HIPAA readiness related to People, Processes and Technology.
- Risk Assessment Coach – Review: Get your checklist answers reviewed by our HIPAA specialists who will be working with you to prepare a remediation and implementation plan for your organization.
- Breach Notification Checklist: This checklist is designed to provide guidance, help you understand severity, identify immediate actions and corrective steps, and prepare for the four different types of notifications required to be submitted in the event of a breach.