What is a Security Risk Analysis?

All medical practices and business associates must conduct a HIPAA Security Risk Analysis under the HIPAA Security Rule. Having the required documentation in place will protect your organization from annual gaps in required information and documents.

Should the organization be investigated by the Office for Civil Rights (OCR) due to a data breach or a complaint from a patient or disgruntled employee, the investigator may review, at a minimum, a 12-month look-back of your documentation. You must have "recognized security practices" in place, and that includes a security risk analysis. Fines and penalties may be reduced or even waived if you demonstrate these good-faith efforts.

Even cash practices have been fined for not adhering to the HIPAA privacy rules. Best practice is to conduct a thorough risk analysis that includes the privacy and security rules. Aris' 7-Step platform does just that!
