Risk Analysis: Tips for Health Care Practitioners

By Eric Nelson, CIPP, Director, Breach Prevention | May 3, 2011

Additional information can be found at the US Department of Health and Human Services Web site (http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html).

Any health care practitioner who collects, manages, and stores patient information faces the risk that his or her data may be lost, misused, or accessed by or disclosed to unauthorized individuals. While technology (eg, encryption) may provide some level of protection, it is only one component of an effective security program.

The Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules apply to all covered entities, regardless of size, and require the implementation of administrative, technical, and physical safeguards. The first step, and required under the Security Rule–Administrative Safeguards, is to perform a risk analysis. The HIPAA risk analysis requirement specifically states:

Although the Security Rule applies only to electronic health information, the Privacy Rule requires safeguarding any type or medium of protected health information (PHI). Steps to perform a risk analysis are:

1. Identify the information that your practice collects, manages, and shares. 

2. Identify third-party risks.

3. Identify and document potential threats and vulnerabilities. 

4. Assess security measures, policies, and procedures.

5. Determine the level of risk and potential impact of threats.

Finally, risk analysis is not a one-time exercise. …it is an ongoing process …

Retrieved 1/24/12.

Leave a comment

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s