Healthcare professionals throughout the United States have been learning to manage HIPAA compliance to adhere to industry requirements. One component the healthcare industry must comply with is the Security Risk Assessment (or SRA), which must be completed annually. The Security Risk Assessment covers not only your processes and procedures for managing protected health information, but also a thorough review of your IT infrastructure, including areas such as:
Business Continuity Procedures
Secure data transmission
All of these issues are critical to the security and privacy of your patients’ information, and performing a security risk assessment can be time-consuming and difficult. WheelHouse Solutions’ HIPAA risk assessment team has worked hard to make these assessments as quick and painless as possible so that you can focus on your patients.
What you get
Our risk assessment provides you with a full, audit-ready report that explains where you are at risk and what changes you can make to reduce those risks. We will run an analysis of your IT environment, including scans that help you identify where protected health information is stored. When we leave, you can feel confident that you have a plan that will keep you in compliance.
Security Risk Assessment FAQs
Who is required to complete an annual SRA?
Any organization that maintains, tracks or otherwise has access to protected health data is required to complete an annual SRA. This applies in particular to medical professionals such as chiropractors, dentists, general practitioners and other medical specialists.
Is Security Risk Analysis optional for small providers?
In a word: no. All providers that are “covered entities” under HIPAA are required to perform a risk analysis. In addition, any provider that receives EHR incentive payments is required to perform an SRA as well.
Is it true that EHR vendors are not responsible for compliance?
While an EHR vendor may be able to provide information or training on the privacy and security aspects of its product, it is not responsible for making that product compliant with HIPAA’s Privacy and Security Rules. Completing an SRA is solely the responsibility of the “covered entity”.