This is among the most important aspects of HIPAA compliance.
Think ahead about ways someone, or some group, might compromise files or databases containing Protected Health Information (PHI). Then take actions to prevent such breaches to the best of your ability.
Because this phase of compliance is so essential, the federal government offers many valuable interactive tools to guide you through the process.
Tools and Resources for Step 4
First, learn the Top 10 Myths about Security Risk Analysis.
Basic Training Tools
Before beginning your assessment, here are two videos for small and medium-size providers on the broad objectives of risk assessment and contingency planning.
One is an 8-minute video on risk assessment and security management. The other runs 6 minutes and defines what a contingency plan is, why you need it, and what to do.
To test your knowledge of security risk and contingency planning, you can also play these animated 6 to 8 minute games.
You will be presented with scenarios and asked to make the right decisions. And if you make a wrong decision, you’ll know it!
- The Contingency Planning Challenge
- The Privacy & Security Challenge
Advanced Training Tools
For those ready for a comprehensive analysis, the Security Risk Assessment (SRA) tool takes you through each HIPAA requirement.
The SRA Tool guides you through 156 questions. In each case, you will see the actual safeguard language of the HIPAA Security Rule.
As you work through the tutorial, you will be asked questions, with prompts on:
- What to consider
- Potential threats and vulnerabilities
- Examples of safeguards
You can document your answers, comments, and risk remediation plans directly in the SRA Tool. The tool serves as your local repository for the information and does not send your data anywhere else. At any time during the risk assessment process, you can pause to view your current results. Developed by a collaboration of government offices, it is user-friendly and comes in interactive downloadable versions for both Windows and iPad, as well as downloadable Word documents.
- SRA Tool (Windows Version)
- SRA Tool (iPad Version)
- SRA Tool User Guide
Printable versions of the tool:
Additional Topics
If you would like to review cases of actual breaches, here are recent examples:
- $750,000 HIPAA Settlement Emphasizes the Importance of Risk Analysis and Device and Media Control Policies – August 31, 2015
- HIPAA Settlement Highlights Importance of Safeguards When Using Internet Applications – June 10, 2015
- HIPAA Settlement Highlights the Continuing Importance of Secure Disposal of Paper Medical Records – April 22, 2015
- HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software – December 2, 2014
- $800,000 HIPAA Settlement in Medical Records Dumping Case – June 23, 2014
- Data Breach Results in $4.8 Million HIPAA Settlements – May 7, 2014
- Concentra Settles HIPAA Case for $1,725,220 – April 22, 2014
- QCA Settles HIPAA Case for $250,000 – April 22, 2014
- County Government Settles Potential HIPAA Violations – March 7, 2014