HIPAA Security Risk Assessment (SRA)

Security Risk AssessmentThe Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities conduct a risk assessment of their healthcare organization. A HIPAA Security Risk Assessment helps your organization ensure it is compliant with HIPAA’s administrative, physical, and technical safeguards. A risk assessment also helps reveal areas where your organization’s protected health information (PHI) could be at risk.

Did You Know?

  • HIPAA Security Rule 45 C.F.R. §§ 164.308(a)(1)(ii) on Security Risk Assessments is required to meet Meaningful Use requirements.
  • HITECH/Meaningful Use requires Security Risk Assessments be completed each reporting period.
  • The biggest findings on violations is that organization(s) did not complete a Security Risk Assessment or their Security Risk Assessment was incomplete or inaccurate.
  • The ONC recommends that HIPAA Security Risk Assessments be completed by a Third-Party company.
  • You cannot utilize technology alone to self-assess to comply with the HIPAA security rule!

How Does ITelagen Help?

ITelagen provides the guidance, methodology, advice and commitment for ensuring HIPAA Security compliance with the use of NextGen® EHR:

  • Review and update PHI inventory to determine where electronic and other data is located
  • Examination of the three safeguards required by HIPAA Security Rule 45 C.F.R. §§ 164.308(a)(1)(ii) — administrative, physical and technical, including the latest Omnibus Rules changes.
  • Assessment of current HIPAA security compliance operations including safeguards in place, as well as vulnerabilities and specific threats to safeguards
  • Evaluation of existing security policies and procedures to ensure they are sufficient to be effective, currently operational, and meet compliance programs appropriate for your size organization

Our Security Risk Assessment for NextGen® was developed by our HIPAA security professionals, meets and exceeds the standards required by the HIPAA Security Rule 45 C.F.R. §§ 164.308(a)(1)(ii) and will stand-up in an audit compliance review. SRA’s are offered as a packaged service to help guide, implement and maintain your information security and compliance program.