An annual HIPAA risk analysis is required by law.
The Health Insurance Portability and Accountability Act (HIPAA) requires that all covered entities and their business associates have an annual risk analysis, with supporting documentation. This affects health care providers, health insurance plans, and anyone else who handles medical data as part of their business operations.
A risk analysis needs to:
- identify where all ePHI is stored
- identify any potential threats or vulnerabilities
- assess current security measures
- determine the likelihood of a threat
- determine the potential impact of a threat
- determine the overall risk
- include supporting documentation
Because of the complexity of a risk analysis, it's recommended that a qualified IT provider complete the assessment on behalf of your organization.
AIE offers advanced HIPAA risk analysis services.
AIE offers HIPAA risk analysis services, starting with a basic, one-time risk analysis. We move on from there and offer project work to bring your IT network into compliance with HIPAA, as well as managed compliance plans to keep you HIPAA-compliant.
A basic risk analysis with AIE includes:
- a HIPAA policies and procedures best practice guide, developed by experts
- a full HIPAA risk analysis, with review from an AIE engineer
- evidence of HIPAA compliance, including all supporting documentation
- a meeting with an AIE engineer to review their findings and determine possible steps forward
Is your network HIPAA compliant?
Call 630-936-4045, ext. 2 to discuss your assessment needs today!