A federal HIPAA security risk assessment is a tool for evaluating a health provider’s and its business associates’ compliance with the HIPAA Security Rule.
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) administers the HIPAA Security Rule to ensure that patient health information (PHI) remains secure while also enabling healthcare providers to use the latest technologies.
The HIPAA Security Rule comprises three areas:
HIPAA security risk assessment covers…
A HIPAA security risk assessment or gap assessment assesses your compliance with the administrative, physical, and technical safeguards listed above.
The supporting risk analysis should identify risks, potential risks, vulnerabilities, and potential threats, and assess how well the safeguards you have in place address them. Your risk analysis should include the following