For health care organizations, failing to comply with or maintain the HIPAA Security Rule's standards can lead to large fines. The first step to securing electronic protected health information (e-PHI) is performing a Security Risk Assessment.
According to the U.S. Department of Health & Human Services (HHS) HIPAA Security Series, these are the eight steps to performing a Risk Assessment.
Steps of Risk Assessment
1. Identify the scope of the analysis.
2. Gather data.
3. Identify and document potential threats and vulnerabilities.
4. Assess current security measures.
5. Determine the likelihood of threat occurrence.
6. Determine the potential impact of threat occurrence.
7. Determine the level of risk.
8. Identify security measures and finalize documentation.
This risk assessment is not only the first step toward becoming HIPAA compliant; it is also a great opportunity to identify weak spots and problems in an organization's network, since the threat and vulnerability inventory in step 3 and the review of existing controls in step 4 surface gaps that would otherwise go unnoticed.
This can be a lengthy and potentially expensive process, but the benefits far outweigh the cost.