HIPAA Risk Assessments
Sara Computers provides HIPAA Hi-Tech Security Compliance Services where you work with one of our HIPAA compliance experts to remediate IT issues uncovered during your HIPAA Security Risk Assessment. Sara Computers will help you navigate confusing HIPAA Security rules. Conducting HIPAA Risk Assessments is a mandatory and crucial requirement for Covered Entities and Business Associates.
Under the HIPAA Omnibus Security Rules unveiled in 2013 Healthcare Providers and Other Covered Entities as well as Business Associates are required to comply with a multitude of cybersecurity rules as well as document their administrative and physical safeguards for protecting Protected Health Information or (PHI) and undergo annual Security Risk Assessments which help to uncover potential issues with your handling of PHI and help ensure that you stay compliant with HIPAA security rules.
The following is a short list of the types of Covered Entities that are required to comply with these new HIPAA Security Rules:
Health Care Provider
- Doctors
- Clinics
- Psychologists
- Dentists
- Chiropractors
- Nursing Homes
- Pharmacies
Health Insurance Plans
- Health Insurance Companies
- HMOs
- Company health plans
- Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs
Health Care Clearinghouse
This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
In addition to the above so-called “Covered Entities” there is an estimated 2,000,000 additional “HIPAA Business Associates” that are exposed – or have access to — protected information making them also subject to HIPAA regulations. A HIPAA Business associate is any of the following types of businesses that has one or more Covered Entities as a customer or client:
- IT Service Providers
- Medical Billing Companies
- Document Shredding Companies
- Documents Storage Companies
- Accountants
- Collection Agencies
- EMR Companies
- Data Centers, Online Backup companies, Cloud vendors
- Insurance Agents
- Revenue Cycle Management vendors
- Contract Transcriptionists
EVERY Business Associate, and all of their subcontractors, must have proof of a HIPAA Risk Analysis under the law. Even if they wanted to, most of these organizations do not have the staff, resources or expertise to do it themselves. HIPAA audits and investigations require evidence that required tasks have been carried out and completed by covered entities and documentation of this must be kept for six years.
What You Can Expect From a HIPAA Security Risk Assessment from Sara Computers:
Evidence of Compliance includes log-in files, patch analysis, user & computer information, and other source material to support your compliance activities. When all’s said and done, the proof to proper documentation is accessibility and the detail to satisfy an auditor or investigator are included in this report.
- Evidence of Compliance including log-in files, patch analysis, user & computer information, and other source material to support your compliance activities
- Pinpoint organizational threats and vulnerabilities
- Identify controls and protections in place and any gaps in those controls
- Calculate risk ratings and where the organization should focus its remediation efforts
- Prioritize controls needed to protect highly sensitive ePHI
- Includes a Findings, Observations and Recommendations Report
After a Risk Assessment Sara Computers can implement needed IT fixes and help clients with implementing procedures that are designed to allow authorized access and deny unauthorized access, to and within facilities, to limit access to devices that can access or store ePHI.