What is a HIPAA Risk Assessment?

It’s not surprising that there is confusion surrounding the term, and how it differs from a HIPAA Risk Analysis or HIPAA Security Assessment. In fact, the answer you get will largely depend on who you ask. So is there a difference? We look at how these terms are used and what is generally being referred to when someone uses the term HIPAA risk assessment.

What is a HIPAA Risk Assessment?

First, let me point out that too many organizations have a fluid and interchangeable usage of the terms “assessment” and “analysis” in relation to HIPAA compliance requirements. Throw in the terms “risk” and “security” and you start to see combinations that obscure all clarity around these key requirements!

For example, HealthIT.gov refers to a “Security Risk Assessment.”

Confused yet?

Generally speaking, when the term “HIPAA risk assessment” is used it tends to refer to what is defined within the regulation as a HIPAA Risk Analysis:

HIPAA Risk Analysis

As required by the HIPAA Security Rule at 45 CFR §164.308(a)(1)(ii)(A).

(A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.

(B) Risk management (Required). Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a).

Yet despite the technical use of HIPAA Risk Analysis within the regulation itself, even HHS named their downloadable guide the “Security Risk Assessment Tool.” (On that note, be wary that this tool does not constitute a complete Risk Analysis as required by the HIPAA Security Rule!)

Still Confused?

We present a great free webinar that clarifies the difference between a HIPAA Risk Analysis and a HIPAA Security Assessment. You might also be interested in the Clearwater Compliance White Paper: Risky Business: How to Conduct a Bona Fide HIPAA Security Risk Analysis.

HIPAA Risk Assessment Solutions

Semantics aside, we offer robust, clear solutions to help your organization meet the requirements laid out by the HIPAA-HITECH Rules.

Our HIPAA Risk Analysis Workshop pairs a complete HIPAA Risk Analysis with a subscription to our IRM|Analysis software, giving you a total solution that not only helps you to get and remain compliant, but reduces your future compliance costs.

For more information about these services, please contact our team.

Clearwater

Clearwater helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.
Clearwater-provided risk analyses have a 100% acceptance rate when submitted to the Office for Civil Rights.

About Clearwater

Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017, 2018, and 2019 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. 
