August 07, 2015

Episode 13: What is a HIPAA Risk Analysis

35 minutes

Description

What a HIPAA Risk Analysis includes and why you need it for your cybersecurity risk management.

Glossary

CReMaT'ed - Create, Receive, Maintain, Transmit

CIA - Confidentiality, Integrity, Availability

Links

JPP Medical Record

OCR Guidance on Risk Analysis

Training Documentation for this episode

FindHealthcareIT

HIPAAforMSPS.com

Kardon Compliance

Notes

Not a simple checklist it requires a lot of thought, data collection, and analysis.

The analysis part

Define where e-PHI is CReMaT'ed in your organization.

Not just the server that holds the EMR.

Cloud apps used, messaging tools, mobile devices, USB storage devices, home computers

Practice Management system and data analysis tools

Don't forget to include downloads folders and temp folders on all PCs.

Do you need to worry about vendors or consultants - your BAs that may move data around your network, systems, etc.

If they handle it for you do you even know where it is going?

What are the threats to the CIA of the PHI that you have located and identified above?

Human

Natural

Environmental

What would be the impact to your business if the threat did act against your PHI?

Would it be a bump in the road or a sinkhole?

What is the likelihood this threat will actually act against your PHI?

Very likely down to not likely at all

With all this considered what level risk do you think this threat creates to your PHI?

High, Medium, or Low

Based on everything you know then you decide what you are going to do about the threat and the risk it presents?

Accept the risk is just part of doing business

Address the risk with some type of safeguards in your organization

Outsource the risk by hiring another company to handle managing it for you

The assessment part

At this point, you review that plan you have just made to address risks against what you are actually doing

Are doing everything you can to protect the PHI and meet your obligations under HIPAA laws from all those threats?

If you are outsourcing threat management, have you made sure your BAAs are in order?

If you are handling it internally do you have all the written policies and procedures

Is your staff trained to respond accordingly?

Once you complete that process you draw up your final report on what was determined during your analysis and assessment.

What actions need to take place to address those threats and what priority should be applied to them?

This is your full analysis and assessment report that you will use to inform your decision making process for your security policies and procedures.

It is also the report you will review and update on a regular basis. Sometimes minor updates are needed but other times you will need to do most of the whole thing over if there is a major change in your business.

...more

View all episodes

By Donna Grindle and David Sims

4.9

6161 ratings

August 07, 2015

Episode 13: What is a HIPAA Risk Analysis

35 minutes

Description

What a HIPAA Risk Analysis includes and why you need it for your cybersecurity risk management.

Glossary

CReMaT'ed - Create, Receive, Maintain, Transmit

CIA - Confidentiality, Integrity, Availability

Links

JPP Medical Record

OCR Guidance on Risk Analysis

Training Documentation for this episode

FindHealthcareIT

HIPAAforMSPS.com

Kardon Compliance

Notes

Not a simple checklist it requires a lot of thought, data collection, and analysis.

The analysis part

Define where e-PHI is CReMaT'ed in your organization.

Not just the server that holds the EMR.

Cloud apps used, messaging tools, mobile devices, USB storage devices, home computers

Practice Management system and data analysis tools

Don't forget to include downloads folders and temp folders on all PCs.

Do you need to worry about vendors or consultants - your BAs that may move data around your network, systems, etc.

If they handle it for you do you even know where it is going?

What are the threats to the CIA of the PHI that you have located and identified above?

Human

Natural

Environmental

What would be the impact to your business if the threat did act against your PHI?

Would it be a bump in the road or a sinkhole?

What is the likelihood this threat will actually act against your PHI?

Very likely down to not likely at all

With all this considered what level risk do you think this threat creates to your PHI?

High, Medium, or Low

Based on everything you know then you decide what you are going to do about the threat and the risk it presents?

Accept the risk is just part of doing business

Address the risk with some type of safeguards in your organization

Outsource the risk by hiring another company to handle managing it for you

The assessment part

At this point, you review that plan you have just made to address risks against what you are actually doing

Are doing everything you can to protect the PHI and meet your obligations under HIPAA laws from all those threats?

If you are outsourcing threat management, have you made sure your BAAs are in order?

If you are handling it internally do you have all the written policies and procedures

Is your staff trained to respond accordingly?

Once you complete that process you draw up your final report on what was determined during your analysis and assessment.

What actions need to take place to address those threats and what priority should be applied to them?

This is your full analysis and assessment report that you will use to inform your decision making process for your security policies and procedures.

...more

More shows like Help Me With HIPAA

View all

This Week in Tech (Audio)

3,014 Listeners

The Ramsey Show

38,704 Listeners

Wait Wait... Don't Tell Me!

38,649 Listeners

Radiolab

43,909 Listeners

The Joe Rogan Experience

225,807 Listeners

CyberWire Daily

1,006 Listeners

Juicy Scoop with Heather McDonald

25,558 Listeners

The Jordan B. Peterson Podcast

34,045 Listeners

This Past Weekend w/ Theo Von

27,214 Listeners

Darknet Diaries

7,871 Listeners

CISO Series Podcast

187 Listeners

All-In with Chamath, Jason, Sacks & Friedberg

9,095 Listeners

The MeidasTouch Podcast

44,368 Listeners

SmartLess

57,908 Listeners

The Dr. John Delony Show

7,093 Listeners

Share Episode 13: What is a HIPAA Risk Analysis

Sign up to save your podcasts

Episode 13: What is a HIPAA Risk Analysis

Episode 13: What is a HIPAA Risk Analysis

More shows like Help Me With HIPAA

This Week in Tech (Audio)

The Ramsey Show

Wait Wait... Don't Tell Me!

Radiolab

The Joe Rogan Experience

CyberWire Daily

Juicy Scoop with Heather McDonald

The Jordan B. Peterson Podcast

This Past Weekend w/ Theo Von

Darknet Diaries

CISO Series Podcast

All-In with Chamath, Jason, Sacks & Friedberg

The MeidasTouch Podcast

SmartLess

The Dr. John Delony Show