HIPAA Risk Assessments for Atlanta Healthcare Organizations

May 30, 2023 | INSI Articles, Risk Assessment

What are HIPAA Risk Assessments?

HIPAA Risk Assessments apply to healthcare-related businesses and practices based in Atlanta. Covered Entities and Business Associates are required to perform risk assessments under the Health Insurance Portability and Accountability Act (HIPAA). The act aims to protect all patients’ personally identifiable data. A covered entity is any organization that conducts business as any of the following:

  • Employee Group Health Plan
  • Insurance
  • Clinic
  • Hospital
  • Nursing Home
  • Assisted Living
  • Anyone who deals with patient information.

A Business Associate, by contrast, is any vendor or partner who does any of the following:

  • Transmits
  • Stores
  • Has access to protected health information.

The business associate chain can extend through multiple layers of providers. For example, a direct mail company can access patients’ names, addresses, and conditions. If the direct mail company hired a company to back up the data in the cloud, the backup company would be considered another business associate in the chain.

HIPAA Risk Assessments Requirements

HIPAA has a defined framework that addresses policy and procedures, administrative safeguards, technical safeguards, and physical safeguards.

Privacy Policy and Procedures – Documentation of policy and procedures on how the company prevents and responds to a breach.
Administrative Safeguards – Administrative Safeguards cover disaster recovery, contingency planning, login monitoring, and business associate requirements. These safeguards represent one-third of all security safeguards.
Technical Safeguards – Technical Safeguards ensure data protection through measures such as passwords, encryption, and authorization.
Physical Safeguards – Physical Safeguards cover the physical protection of the hardware and software in the facility. They include access, disposal of devices, backups, and accountability.

Business Associate Risk Assessment

A Business Associate is any company that stores, transmits, or has access to protected data on behalf of the covered entity. Unfortunately, many business associates take this requirement loosely, and some won’t even acknowledge they are Business Associates. However, it is very easy to determine whether a company is a business associate: if it can see, store, or transmit protected data, it is one. The requirement also extends to its business partners or vendors.

For example, a call center collections company will have access to the name, phone number, address, amount owed, and procedure conducted. That is five forms of protected data. Unbeknownst to you, the company uses a third party to host its servers and perform cloud backups. That third party is another layer of business associate and also needs a HIPAA risk assessment.

INSI’s HIPAA Risk Assessment Program

Do you need a custom HIPAA risk assessment performed? Fortunately, as part of INSI’s managed security services, INSI has partnered with Cybriant, which conducts HIPAA Risk Assessments while INSI addresses the vulnerabilities. It is an entirely turnkey HIPAA solution.

Contact INSI for your Custom HIPAA Risk Assessments: 770-387-2424, option 2.

About INSI: The Best MSP in Atlanta!

Innovative Network Systems, Inc. has a unique approach to integrating IT support and cybersecurity. Our month-to-month programs range from basic support to proactive support, managed support, and customized support. Each program is tailored to the client’s needs and internal IT strengths.  

For more information about cybersecurity dangers and the preventative measures for your company, connect with the top MSP in Atlanta: contact INSI at 770-387-2424, option 2, or click the link below. In addition, we offer 16 different cybersecurity programs to protect you and your data.

About the Author

Deborah Frazier is the author of IT Outsourcing Secrets – A Small Business Guide to Compare IT Support Companies. With nearly 20 years of experience consulting small and medium-sized businesses on their IT support needs, she brings a wealth of knowledge to INSI as Head of Marketing and Sales.
