What is a Security Risk Analysis?
To make a simplistic medical analogy, a security risk analysis is like the examination and testing you do to assess clinical risk and diagnose a condition. Just as you use a diagnosis and other clinical data to plan treatment, you will use the risk analysis to create an action plan to make your practice better at protecting patient information. Further, privacy and security are like chronic diseases that require treatment, ongoing monitoring and evaluation, and periodic adjustment. A security risk analysis is a systematic and ongoing process of both:
- Identifying and examining potential threats and vulnerabilities to protected health information in your medical practice.
- Implementing changes to make patient health information more secure than at present, then monitoring results (i.e., risk management).
Why is the Security Risk Analysis important?
- An expensive data breach
- Your name on the public HIPAA “Wall of Shame”
- A malpractice lawsuit
- A million-dollar HIPAA penalty
- Returning your Meaningful Use incentive money
- Reduced Medicare payments for years
- Losing your license or your practice
Why should you view this recorded webinar?
All providers who are “covered entities” under HIPAA are required to perform a security risk analysis. Even if you are using a certified EHR, you must still perform a full security risk analysis, because HIPAA security requirements address all electronic protected health information you maintain, not just what is in your EHR. In behavioral health, many providers must also comply with Title 42 for substance abuse treatment and laws protecting the confidentiality of HIV, sexually transmitted disease, mental health care, and minors.