The Scope of a HIPAA Risk Assessment

Administrative Safeguard

-Risk analysis procedures & demonstration of a risk management process.
-Policies & procedures relevant to operational security, including business associate security requirements.

-Evidence of periodic technical & non-technical reviews.
-Information access restriction requirements & controls.
-Incident response procedures & disaster recovery plan.

Physical Safeguard

-Physical access controls, such as building access and appropriate record keeping.
-Policies & procedures for workstation security.
-Proper usage, storage, & disposal of data storage devices.

Technical Safeguard

-Auditing & audit procedures.
-Using encryption devices & tools if deemed appropriate.
-Implementation of technology to ensure ePHI integrity confidentiality, & availability

After determining your gaps, you will then have to remediate & track the outcome.  Knowledge & expertise of the rules is essential when performing this process.

Find out more about risk assessments and how to achieve, illustrate and maintain your HIPAA compliance.