HIPAA Privacy, Security and Breach Risk Assessment Services

Cogent Company has launched a new service with a partner to help healthcare organizations perform privacy and security risk assessments following Health Insurance Portability and Accountability Act (“HIPAA”)/Health Information Technology for Economic and Clinical Health (“HITECH”) and the Office of Civil Rights (“OCR”) guidelines. Our team has performed over 100 successful assessments.

Our team has developed and implemented IT security and privacy risk assessments to help medical facilities protect ePHI and comply with the HIPAA Security and Privacy Rules and the HITECH Act. More than just a risk assessment, these engagements also provide a network assessment and consulting on best practices for networking and infrastructure design, policies and procedures. With dozens of risk assessments performed, our team has compiled significant data to review the intended purpose and expected goals, and to review and analyze the results obtained.

Risk Analysis is often regarded as the first step towards HIPAA compliance. Risk analysis is a required implementation specification under the Security Management Process standard of the Administrative Safeguards portion of the HIPAA Security Rule as per Section 164.308(a)(1). Covered entities will benefit from an effective Risk Analysis and Risk Management program beyond just being HIPAA compliant.

The overall objective of a HIPAA risk analysis is to document the potential risks and vulnerabilities to the confidentiality, integrity, or availability of electronic protected health information (ePHI) and determine the appropriate safeguards to bring the level of risk to an acceptable and manageable level. A HIPAA risk assessment helps ensure that controls and expenditure are fully commensurate with the risks to which the organization is exposed.

The key to any effective security program is to understand the risk level in the organization and then to determine how to effectively mitigate that risk. This requires identifying the data that your organization needs to protect and where that data lives and moves. That in turn provides the basis for security policies, practices and technologies to protect all such data, such as electronic protected health information. Risk analysis requires understanding the core business functions of the enterprise and then analyzing potential threats and vulnerabilities to assets and information. It helps identify critical business assets and associated risks.

The HIPAA Security Rule specifies a series of administrative, technical and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information (ePHI). These provisions are found at 45 CFR Part 160, and Part 164, Subparts A and C. For more details, refer to: http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsipregtext.pdf.

To learn more about how we can help you with your security and risk audit, please contact us at info@cogentcompany.com.