Security Risk Assessment
VITL offers services that can assist health care providers with keeping electronic patient information safe, to meet the requirements of the HIPAA Security Rule. Services include a comprehensive security risk assessment service, designed to evaluate existing vulnerabilities in data, electronic media and devices, physical plant, policies and procedures, and other sources that affect patient information confidentiality and safety. This assessment also meets the criteria for Meaningful Use Stage 1 and 2, both of which contain core measures that require eligible professionals to protect electronic health information through the use of appropriate technical capabilities.
VITL's client services conducts the security risk assessment, which typically involves a three-hour visit to a healthcare practice or organization. A spreadsheet tool developed by VITL is used to identify and catalog security issues. Our review covers the electronic health records system, but goes well beyond it, covering items such as:
- Is patient information encrypted on all devices?
- Are business associate agreements in place with every entity that has access to protected health information (PHI)?
- Is there security training for staff and providers?
The practice receives a completed spreadsheet that lists the identified vulnerabilities, recommends possible remediation steps, and allows the assessment and rating of risk. Potential areas requiring a new policy/procedure or updating an old one are also listed. Upon request, VITL can provide policy templates and further guidance with review of identified vulnerabilities and next steps for a practice.
Security breaches are serious matters with often expensive and embarrassing consequences. VITL can help practices avoid these unnecessary issues with a beneficial and thorough security risk assessment.
Please contact us for more information.