Many organizations are looking for a simple HIPAA security checklist to help them complete the HIPAA Security Risk Analysis (per 45 CFR 164.308(a)(1)(ii)(A)) for a variety of reasons. The two most prevalent reasons are: 1) compliance with the HIPAA Security Final Rule; and 2) in the case of eligible hospitals and eligible providers seeking Meaningful Use incentive money, meeting the Stage I requirements.

Here’s today’s big tip – Choose your tool / methodology carefully…


HIPAA Security Risk Analysis Checklist

Be careful when choosing tools, templates and methods on the market or available for free.  We suggest you consider these seven steps:

  1. Form a cross-functional business team with operations, legal, HR, compliance, administration and IT as members.
  2. Set your business risk management goals before you select a tool or template or methodology – what problem are you trying to solve?
  3. Learn the exact requirements in the Risk Analysis Implementation Specification.
  4. Establish your Risk Analysis scope to include all information assets that create, receive, maintain or transmit ePHI.
  5. Read the HHS/OCR “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” issued in July 2010.
  6. Use the Nine (9) essential elements of an acceptable Risk Analysis as a key part of your evaluation and selection criteria!
  7. If you choose a tool, choose a reputable firm with a proven track record and reference-able customers in your segment of healthcare.

As required by the HITECH Act, the Office for Civil Rights has issued final “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” (July 2010). We advise all Covered Entities and Business Associates to review the Final Guidance and become familiar with the applicable standards and implementation specifications.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.