HIPAA: Five steps to ensuring your risk assessment complies with OCR guidelines

Risk analysis: Five steps to getting it right

Janice Ahlstrom, Director, Risk, Internal Audit and Cybersecurity

HIPAA and healthcare technology have changed significantly over the past 20 years. Today, more than ever, covered entities and their business associates face an evolving risk environment in which they must safeguard electronic protected health information (ePHI).

Often, HIPAA risk assessment reports do not meet the guidance defined by the Office of Civil Rights (OCR) or support a complete review of the security rule controls. Checklists of policies and procedures, penetration test results and IT assessments barely scratch the surface of the data security safeguards.

Baker Tilly HIPAA and cybersecurity specialists developed a whitepaper that highlights the required components of a HIPAA risk analysis as defined in the security rule and also shares a cost-effective approach to completing a risk analysis annually.

"HIPAA's role and importance continue to rise with the value of the data it was created to protect. If you are responsible for securing patient and proprietary healthcare information, you cannot afford to be unprepared. With the OCR increasing enforcement efforts related to HIPAA compliance, a HIPAA risk assessment plays a critical role. If performed in a strategic manner – customized to the entity's culture and organizational structure – it can help manage and reduce cybersecurity risks."

Jeff Krull, Partner, Risk, Internal Audit and Cybersecurity