The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that you perform a periodic “risk assessment” of your practice. This analysis is mandatory. To be clear, protecting patient information and privacy is what drives HIPAA. So, a proper analysis identifies the strengths and weaknesses of the safeguards your practice has in place. Further, these assessments must include an evaluation of at least three types of safeguards you should use in your practice. These safeguards are: (1) physical safeguards; (2) technical safeguards; and (3) administrative safeguards.
A risk assessment is a formal process and must be documented and include a review of each type of safeguard. Further, it must include a discussion of any identified weaknesses and deficiencies of those safeguards in your practice. Finally, the assessment should cause the practice either to take the appropriate steps to address those weaknesses or document the reasons why you cannot reasonably address or implement those safeguards.
Remember, each practice is unique and a risk assessment must consider these differences in privacy and security needs, resources, and capabilities. For example, a risk assessment for a specialty surgical group comprised of 20 physicians may look very different from one for a medical practice with two or three psychiatrists.
Two Assessments Included
Vijilant includes two HIPAA compliance services designed for the healthcare practice. The difference between the two offerings is a matter of depth and the stage of practice maturity relative to HIPAA compliance. For instance, for those practices that are well along in the process and have a mature compliance process, we use the Annual HIPAA Risk Assessment. Alternatively, for those practices that need a comprehensive approach to bringing their practice into compliance, a better choice might be the HIPAA Complete offering. Either way, both choices are part of your monthly price for the practice.
The HIPAA Complete offering provides the following:
- Risk Assessment
- Network and Office Discovery Report
- Risk Analysis
- HIPAA Management Plan
- Policy and Procedures Document
- Evidence of Compliance Document – used in the event of an audit or data breach
Above all, the time for preparing yourself for a HIPAA audit or a data breach is before they happen. Many practices learn this painful lesson too late.