Many organizations are looking for a simple HIPAA security checklist to help them complete the HIPAA Security Risk Analysis (per 45 CFR 164.308(a)(1)(ii)(A)) for a variety of reasons. The two most prevalent reasons are: 1) compliance with the HIPAA Security Final Rule; and 2) in the case of eligible hospitals and eligible providers seeking Meaningful Use incentive money, meeting the Stage I requirements.
Here’s today’s big tip – Choose your tool / methodology carefully…
HIPAA Security Risk Analysis Checklist
Be careful when choosing tools, templates and methods on the market or available for free. We suggest you consider these seven steps:
- Form a cross-functional business team with operations, legal, HR, compliance, administration and IT as members.
- Set your business risk management goals before you select a tool or template or methodology – what problem are you trying to solve?
- Learn the exact requirements in the Risk Analysis Implementation Specification.
- Establish your Risk Analysis scope to include all information assets that create, receive, maintain or transmit ePHI.
- Read the HHS/OCR “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” issued in July 2010.
- Use the Nine (9) essential elements of an acceptable Risk Analysis as a key part of your evaluation and selection criteria!
- If you choose a tool, choose a reputable firm with a proven track record and reference-able customers in your segment of healthcare.
As required by the HITECH Act, the Office for Civil Rights has issued final “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” (July 2010). We advise all Covered Entities and Business Associates to review the Final Guidance and become familiar with the applicable standards and implementation specifications.
Want a real HIPAA security checklist? Learn more…
Please avail yourself of any of these free resources which you may access now by clicking on the links below:
- Risk Analysis Buyer’s Guide
- Expert 2nd Opinion on Your HIPAA Risk Analysis
- Clearwater Compliance White Paper: Risky Business: How to Conduct a Bona Fide HIPAA Security Risk Analysis
- Clearwater Recorded Webinar event entitled How to Conduct a Bona Fide HIPAA Security Risk Analysis
- IRM|Analysis™ - Clearwater’s Risk Analysis and Risk Management software DataSheet
- IRM|Analysis™ - Clearwater’s Risk Analysis and Risk Management software Free Trial for qualified organizations
- More Risk Analysis Resources