
Assess your HIPAA Risk Assessment


By Diane Evans 


Once again, another data breach – resulting in federal fines – sends a compelling message to healthcare executives:  Do what’s in your power to prevent breaches,  and that entails a comprehensive risk assessment.  

A risk assessment reveals potential vulnerabilities in your data security. By identifying these vulnerabilities, you can apply proven practices to prevent data breaches – and avoid the disruptions.

The big challenge is to identify and evaluate the security of all places where data could potentially be accessed, both in electronic formats and on paper.  This requires an assessment of all places where protected information is created, maintained, received, or transmitted. 

Here are some things to consider:


Preparation 


Do you have documented processes that will guide managers in identifying risks and assessing the security of all places where private information may be accessed?

You will need:

     Mapping and inventory processes

     Workflow Analysis

     Risk Assessment processes and documentation 


Assignments


Do you assign specific duties to managers to evaluate their respective departments for risk, and set deadlines for completing reports? Keep in mind:

     Program Assessments

     Building Assessments

     IT Assessments

     Training Assessments


Remediation


Do you act quickly to address bad practices that pose high risks?  Focus on high risks with the greatest potential for disruption as you:

     Prioritize

     Evaluate

     Act



Action Item for Long Term Care Executives: Read about best practices for preventing cybercrime on the federal government’s website.


#HIPAA Compliance

#Risk assessment under HIPAA 

#Data management for long-term care

#Data security best practices for long-term care


About the author


Diane Evans is founder of Guarded Edge, which offers training and an in-house implementation plan for compliance with the Health Insurance Portability and Accountability Act (HIPAA) within long-term care.  Diane can be reached at devans@guardededge.com.  She has offered accredited training for state and national organizations, including the Health Care Compliance Association and the Cleveland Metropolitan Bar Association.


