The Essential First Step


Risk Assessments

HIPAA Compliance Starts With a Risk Assessment

A practice-wide, up-to-date risk assessment is the foundation of HIPAA compliance, and the very first question on the OCR audit protocol.

The HIPAA.host risk assessment process will save your staff hundreds of hours of work. You'll sleep better, confident that your compliance strategy is on a sure foundation.

How Do You Conduct an Effective Risk Assessment?

A risk assessment is more than a checklist, more than a network scan. It needs to cover all your business processes, not just IT, and it needs to offer specific guidance to improve security.

The HIPAA.host process will save your staff hundreds of hours of work and you'll feel confident that your HIPAA strategy is on a sure foundation, with a solid plan for moving forward. When you work with HIPAA.host, our experts will interview your management and technology staff in person to:

  1. Inventory all systems, from your EHR to your paper files to your staff training
  2. Review policies and procedures, check business associate agreements
  3. Identify technical and non-technical process vulnerabilities
  4. Conduct a vulnerability scan of your local computer network
  5. Deliver specific, action-oriented recommendations aligned to your strategic goals

Risk Assessment Process

Risk Management

We'll support your practice manager and IT staff through the ongoing risk management process, with an online compliance portal to help you stay organized and quarterly meetings to ensure you are always showing progress.

Policies and Procedures

Policy templates don't work if you don't customize them. We don't offer fill-in-the-blank templates. We deliver complete documentation that accurately reflects your actual policies and procedures.

Training

Security training is essential for mitigating the risk of insider misuse. It's also required by HIPAA. We can train your staff in person at your location or ours. Or sign up for our affordable online training, with automatic compliance reporting.

A Risk Management Plan You Can Understand

Our risk assessment report usually weighs in at around 90 pages with 70 or 80 specific recommendations for improving security. Now what?

HIPAA Compliance is a Journey, Not A Destination

Your risk assessment will identify actual threats to your patients' data and realistically evaluate the likelihood of a breach. Likelihood plus potential impact are the key factors to consider when evaluating risk levels. The risk levels identified during the risk assessment phase are what determine the priorities of the ongoing risk management phase.

We deliver our report in print, and also on the HIPAA.host Online Compliance Portal, a secure web-based app where your team can manage all your compliance documentation. Your risk management plan is ranked by our proprietary cost-benefit algorithm. We meet with clients quarterly to review and update the plan, ensuring you are always demonstrating progress.

The Costs of Non-Compliance

Even Small Practices Risk Huge HIPAA Fines

Healthcare is a target in this golden age of data breaches and identity theft. HIPAA enforcement is heating up too, and fines can be astronomical.

The Department of Health and Human Services has identified small healthcare practices as a special focus for upcoming HIPAA audits. Some recent fines for non-compliance:

  • Twelve-physician practice. Lost flash drive: $150,000
  • Thirteen-physician practice. Laptop smash-and-grab from employee's car: $750,000
  • Two-physician practice, 441 patient records. Stolen laptop: $50,000
  • Snooping employee, two patient records compromised: $865,500

In each of these cases, the Department identified the primary HIPAA violation as the failure to conduct a risk assessment. Data breaches can happen even in spite of the best security measures. It's the presence or absence of a HIPAA risk assessment that determines how high the fines will go.

Schedule a Risk Assessment Today

Let HIPAA.host help you achieve peace of mind. We'll answer your questions and together work toward achieving best security practices, making HIPAA compliance affordable and easily within your reach.