Our Services
You need full visibility into your highest risks, as well as actionable and practical plans for achieving compliance. We can help. We help organizations in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (“ePHI”).
Our HIPAA Security Rule Risk Analysis is designed to meet the requirements of 45 CFR § 164.308(a)(1)(ii)(A). Upon completion of the analysis, an organization will have a roadmap which it can use to efficiently and effectively allocate its resources in mitigating its risk exposure.
Our Assessment process includes
Identify
Software & hardware (“Assets”) used to create, store, and transmit ePHI
Map
Security Rule policies & procedures to HIPAA’s Administrative, Physical, and Technical safeguards and complete a data flow map of where ePHI is generated, transmitted, and stored
Label
Natural, human and environmental threats to ePHI being held
Discover
Technical & non-technical vulnerabilities that a threat may take advantage of to gain access to ePHI
Interview
HIPAA Security Officer and select team members to assess how the organization’s Security Rule policies and procedures are operationalized
Perform
Walk-through of the organization’s physical office to access physical security
Report
Findings of the assessment, a risk score for each Asset, and recommended remediation steps an organization could take to mitigate its risk exposure
