ANALÍTICO – HIPAA Institute’s Risk Governance Framework

HIPAA Risk Governance is made up of: (a) Risk Assessment, (b) Risk Analysis, and (c) Risk Management. Risk Governance is the foundation of a covered entity’s compliance program, and is an ongoing process that requires input and support from key players of the organization. The governance process should appropriately protect and ensure confidentiality, availability and integrity of protected health information.

Risk Assessment

One of the most important steps within a HIPAA risk governance program is to test compliance with the HIPAA Privacy & Security Rules. The HIPAA risk assessment process involves conducting an in-depth review and analysis of policies, procedures and documentation within the organization. This exercise requires working together with staff to test their understanding of the requirements against current policies, procedures and controls, in order to assess potential gaps in compliance with the HIPAA Privacy & Security Rule requirements.

Risk Analysis

The HIPAA Security Rule, 45 C.F.R. §164.302 - 164.318, discusses the requirements to ensure the confidentiality, integrity and availability (CIA) of electronic protected health information (e-PHI). One very important step toward this is the risk analysis requirement described in the HIPAA Security Rule, 45 C.F.R. §164.308.

Risk Management

The HIPAA Security Standard §164.308(a)(1)(ii)(B) requires a covered entity to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to appropriately secure electronic protected health information (ePHI), as part of its risk governance.

HIPAA Risk Management steps include:

  • Developing and implementing a risk management plan
  • Implementing appropriate controls and measures to secure electronic protected health information (ePHI)
  • Reviewing and maintaining the chosen security controls and measures