HIPAA SECURITY RISK ASSESSMENT

See How Techumen Handles a Security Risk Assessment

CEO FEISAL NANJI DISCUSSES TECHUMEN’S STRATEGY FOR HEALTHCARE SECURITY RISK ASSESSMENT.

At Techumen, we follow the National Institute of Standards and Technology (NIST) risk assessment methodology. This process encompasses nine primary steps. The Office of Civil Rights (OCR), which is the body that monitors compliance, suggests that a Covered Entity (CE) use the NIST risk-based approach for doing a Risk Analysis. Our view is that when the CMS suggests something, this suggestion is an imperative.

Considerable detail is available in NIST's Special Publication 800-30. However, an overview of the nine steps prescribed in the publication, which we assiduously follow, is as follows:

To fully understand your technology risk, you must understand the key data flows. We help you understand and inventory key technology components in your infrastructure. These could be applications, hardware, operating systems, laptops and mobile devices. In other words, pretty much anything that receives, stores or transmits information is in play.

Techumen by the numbers:

1032 Healthcare Organizations Served

2087 Audits Completed

100% Pass Rate from HHS/CMS Audits

HIPAA Security Rule Requirements - Covered

Under the HIPAA Security Rule and “Meaningful Use” requirements, all electronic Protected Health Information (ePHI) created, received, maintained or transmitted by a “Covered Entity” (CE) and/or a “Business Associate” serving a covered entity is subject to the Security Rule. If we assume that information technology powers modern healthcare, then it stores or disseminates virtually everything an entity might know about a patient. Thus ePHI security and privacy are fundamental and paramount to meeting your compliance obligation under federal law.

The Security Rule requires entities to evaluate risks and vulnerabilities in their technology environments and to implement reasonable and appropriate security measures to protect ePHI. In short, an information technology risk analysis is the fundamental security cornerstone the Department of Health and Human Services (HHS) expects Covered Entities (CEs) to meet.