What is a HIPAA IT Risk Analysis?
Understanding the purpose of a risk analysis is the first step in creating a risk analysis template, or choosing a pre-existing template that works for you. The purpose of a HIPAA risk analysis is to assess your current security practices to ensure that they meet HIPAA standards. To meet HIPAA standards, your security practices must ensure the confidentiality, integrity, and availability of patient information (protected health information, or PHI).
When you perform your risk analysis, you’re auditing your business’s administrative, physical, and technical safeguards.
The administrative assessment takes a look at the processes that your business has in place to ensure the security of PHI.
- What kind of security policies does your business have in place?
- Are your employees trained on HIPAA security requirements?
The physical assessment is an audit of your business’s physical premises to ensure that proper security safeguards are in place.
- Are your health records kept in locked cabinets?
- Do you have an alarm system for the physical premises?