HIPAA Security Risk Analysis Renewal – do I really need to do this again?

Did you know that every medical practice and business associate is required under the Security Rule to conduct a HIPAA Risk Analysis at a minimum every three years to determine if their current safeguards still adequately protect the confidentiality, integrity, and availability of Electronic Protected Health Information (ePHI)? As technology continues to change, we must keep up and ensure our data is still protected. Think about every time we must upgrade our computer operating systems because they are no longer supported by Microsoft or Apple. If we choose not to upgrade, our data is at risk for a data breach. As technology changes, so must we!

Annual renewals are recommended; however, if nothing has really changed within your medical practice or business organization, you can review what you have in place. Be sure to document this! Keep in mind that if you make any major changes or suffer a data breach within your organization, you will be required to conduct a Risk Analysis more frequently.

Use the table below to determine what is best for your organization:

If your organization has:

  • Replaced any network servers or computers
  • Replaced or added a firewall device or domain controller
  • Changed or added any software that contains ePHI
  • Changed from premises-based to cloud-based storage or access to ePHI
  • Changed Security Officers
  • Had multiple security incidents or a data breach

Then you need to renew your Risk Analysis

If your organization has:

  • Not added any new computer hardware or software
  • Not replaced or added a firewall or domain controller
  • Not changed or added any software that contains ePHI
  • Not changed EHR or PM software
  • Not changed Security Officers
  • Not experienced a data breach or repeated security incidents
  • and you are still implementing your existing Policies and Procedures

Then you do not need to renew, but may want to consider continued support

Aris Medical Solutions offers three types of HIPAA Risk Analysis Renewals. Pricing is based on the size of your organization and the number of locations. Select the package that is best for your organization:

Maintenance Plan


  • Access to your Policies, Procedures, and Documentation as needed through Aris’ online portal
  • Ability to update Policies, Procedures, and Documentation as needed
  • This includes continued email support

Standard Renewal


  • Aris performs your Risk Analysis remotely
  • The client will complete an online questionnaire
  • The client will email pictures of the facility “walk through”
  • Then Aris creates your Risk Management Plan
  • This package includes access to your Privacy and Security Policies, Procedures, and Documentation through Aris’ online portal
  • This includes continued email and phone support

Premium Renewal


  • Aris performs your Risk Analysis on-site
  • Aris will coordinate an onsite visit and complete the questionnaire
  • Aris will take the “walk-through” pictures of the facility
  • Then Aris creates your Risk Management Plan
  • This package includes access to your Privacy and Security Policies, Procedures, and Documentation through Aris’ online portal
  • Live Webinar training is included for the entire staff with customized topics
  • This includes continued email and phone support

Contact us for more information.

Aris protects their clients through Partnership, Education, and Support!