The Department of Health and Human Services (“DHHS”) requires covered entities and now business associates to conduct a written risk analysis. A written risk analysis is the first step toward implementing safeguards specified in the HIPAA Security Rule and implementing “reasonable and appropriate” security measures in the HIPAA Privacy Rule. We consider the written risk analysis as the first step towards achieving HIPAA compliance. Jonathan P. Tomes, president of Veterans Press, Inc., and EMR Legal, Inc., often says, “If you implement HIPAA policies and procedures without first having conducted a written risk analysis, then you are just guessing.”
Most HIPAA civil money penalties to date have involved lack of a written risk analysis or an outdated HIPAA risk analysis. Don’t become a statistic with DHHS or become a member of the “Big Breachers Wall of Shame” on the DHHS website. To complete your organization’s required HIPAA risk analysis, use our HIPAA Risk Analysis ToolKit, now offered stand alone or along with the HIPAA Compliance Library. As with the HIPAA Gap Analysis Survey Questionnaire, you will receive feedback on your written risk analysis from our HIPAA experts, which includes: a review with a written report and a confidential phone consultation. The Risk Analysis ToolKit is created in Microsoft® Word tables for ease of use, and we tell you what information to put into each table with samples. Satisfy both your organization and the federal government with a thorough and complete written HIPAA Risk Analysis.
- Did not perform a Risk Analysis.
- Did not have a formalized, documented Risk Analysis process.
- Had an outdated Risk Analysis.
- Did not address all potential areas of security risk of your Protected Health Information (PHI) .
DHHS findings almost always cite failure to perform or update a risk analysis at the top of their list for non-compliance in these four categories:
HIPAA Risk Analysis ToolKit with confidential report and phone consultation–$500.
If your organization is larger than 5 departments requiring HIPAA Risk Analysis, please call for pricing. (855) 341-8783