HIPAA Security Risk Analysis Checklist

This entry is part 7 of 39 in the series HIPAA Security Risk Analysis Tips

Many organizations are looking for a simple HIPAA security checklist to help them complete the HIPAA Security Risk Analysis (per 45 CFR 164.308(a)(1)(ii)(A)) for a variety of reasons. The two most prevalent reasons are: 1) compliance with the HIPAA Security Final Rule; and 2) in the case of eligible hospitals and eligible providers seeking Meaningful Use incentive money, meeting the Stage I requirements.

Here’s today’s big tip – Choose your tool / methodology carefully…

Be careful when choosing tools, templates and methods on the market or available for free.  We suggest you consider these seven steps:

  1. Form a cross-functional business team with operations, legal, HR, compliance, administration and IT as members.
  2. Set your business risk management goals before you select a tool or template or methodology – what problem are you trying to solve?
  3. Learn the exact requirements in the Risk Analysis Implementation Specification.
  4. Establish your Risk Analysis scope to include all information assets that create, receive, maintain or transmit ePHI.
  5. Read the HHS/OCR “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” issued in July 2010.
  6. Use the nine (9) essential elements of an acceptable Risk Analysis as a key part of your evaluation and selection criteria!
  7. If you choose a tool, choose a reputable firm with a proven track record and referenceable customers in your segment of healthcare.

As required by the HITECH Act, the Office for Civil Rights has issued final “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” (July 2010). We advise all Covered Entities and Business Associates to review the Final Guidance and become familiar with the applicable standards and implementation specifications.

Want a real HIPAA security checklist? Learn more…

The complete HIPAA Privacy, Security and Breach regulations are here.

One Response to “HIPAA Security Risk Analysis Checklist”
  1. Wings 24 May 2016 at 12:15 am #

    Two things are infinite: the universe and human stupidity; and I’m not sure about the universe!
