HIPAA Risk & Security Assessment

To conform with HIPAA-HITECH, covered entities and business associates must develop, implement, and enforce a comprehensive program that includes administrative, physical, technical, and organizational safeguards for the organization as well as those attributes related to business associates.

In addition to conforming with HIPAA safeguards, organizations are responsible for taking steps to ensure that their affiliates and service providers (collectively, Business Associates, bound by Business Associate Agreements, or BAAs) safeguard the customer information in their care.

Our HIPAA risk assessment includes:

  • Risk analysis and management (administrative, physical, technical, & organizational)
  • Security and privacy training
  • Physical security of facilities and mobile devices
  • Off-site access and use of ePHI from remote locations
  • Storage of ePHI on portable devices and media
  • Disposal of equipment containing ePHI
  • Business associates and contracts
  • Data encryption
  • Virus protection
  • Technical safeguards in place to protect ePHI
  • Monitoring of access to ePHI
  • Network vulnerability scan
  • Policies, procedures and practices with regard to security, privacy and information technology
  • Governance, Risk, & Compliance (GRC) Software Program



Download the 2015 Guide to Privacy and Security of Electronic Health Information from HealthIT.gov.

The purpose of the HIPAA risk assessment is to provide an independent evaluation of the practice's current conformance environment as it relates to the mandated Centers for Medicare & Medicaid Services (CMS) requirement to perform a Meaningful Use Core Requirement 15 Risk Analysis prior to incentive attestation.

A HIPAA risk assessment also provides an independent evaluation of the practice with respect to its mandated conformance with the Health and Human Services (HHS) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) risk assessment (collectively “HIPAA”).

Let our security professionals assist you with all of your HIPAA compliance requirements beginning with your HIPAA risk assessment. Contact us today.