HIPAA Risk Assessments must be performed year after year to account for changes in the scope or scale of your business. HIPAA Risk Assessments are also an essential component of MIPS/MACRA, which will only become more important in the years ahead.
By performing a HIPAA Risk Assessment, you’re auditing your business’s administrative, physical, and technical compliance with the HIPAA Security Rule. Here are some brief explanations of each component of a HIPAA Risk Assessment:
- Administrative: The administrative assessment takes a look at the processes that your business has in place to ensure the security of PHI. Think about:
  - What kind of security policies does your business have in place?
  - Are your employees trained on HIPAA security requirements?
- Physical: The physical assessment is an audit of your business’ physical premises to ensure that proper security safeguards are in place. Think about:
  - Are your health records kept in locked cabinets?
  - Do you have an alarm system for the physical premises?
- Technical: The technical assessment audits the safeguards your business has in place to keep the electronic transmission, storage, access, or engagement with PHI secure. Think about:
  - What kind of firewall do you have in place?
Now that you have a better understanding of HIPAA security requirements, let’s take a look at options you have for your HIPAA Risk Assessment Template.