Risk Assessments
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities and their business associates conduct a risk assessment of their healthcare organization. A risk assessment helps reveal areas where your organization’s protected health information (PHI) could be at risk. The requirement for covered entities and business associates to conduct a HIPAA risk assessment is not a new provision of the Health Insurance Portability and Accountability Act.
The requirement was first introduced in 2003 in the HIPAA Security Rule (45 CFR § 164.308 – Security Management Process). It was subsequently extended in the HITECH Act of 2009 to cover the procedures following a breach of unsecured PHI, which determine whether there is a significant risk of harm to an individual due to the impermissible use or disclosure. A HIPAA risk assessment is not a one-time exercise. Assessments should be reviewed periodically and whenever new work practices are implemented or new technology is introduced.
At Scoleo, we conduct comprehensive risk assessments and also offer an actionable risk management plan that helps organizations remediate the risks identified in the assessment.