Security Risk Analysis


Risk management is a major component of the HITECH Act. The very first step in managing risk is to identify it. That is why each Eligible Provider is required to conduct a Security Risk Analysis of their Practice’s Information Systems in order to qualify to receive incentive payments.

The Security Risk Analysis, sometimes called the Security Risk Assessment, is not optional and is not a one-time requirement.

Periodic reviews and updates to the Security Risk Assessment are required to ensure continuous analysis to determine when updates to the Practice’s Information Systems are needed (45 C.F.R. § 164.306(e) and 164.316(b)(2)(iii)). The Security Rule does not specify how frequently to perform risk analysis as part of a comprehensive risk management process. The frequency of performance will vary among Eligible Providers. A good rule to remember is that a Security Risk Assessment must always be conducted when attesting for Meaningful Use or when new technologies and business operations are planned.

Our Services

The HIPAA compliant Security Risk Analysis performed by Allstate IT Solutions includes:

  • Gathering data
  • Assessing current security measures
  • Identifying and documenting potential threats and vulnerabilities
  • Determining the likelihood of threat occurrence
  • Determining the potential impact of threat occurrence
  • Determining the level of risk
  • Identifying security measures

Once the analysis is complete, Allstate IT Solutions will provide you with a Security Audit and Risk Analysis (SARA) Report. The report will address your practice’s IT infrastructure achievements and deficiencies and will include recommendations for mitigation. The report will document existing security controls and their effectiveness, the exposure potential, the likelihood of threat occurrence, potential impact of threat, level of risk, risk rating and recommended security control measures. An equipment inventory is also included as part of the report.

The final report will satisfy the security risk assessment requirement for Incentive Program audit purposes.

The Next Step

Once the Security Risk Analysis is completed and risks are identified, those risks must be remediated (that is, the faults or deficiencies corrected). Allstate IT Solutions offers Risk Mitigation Services to reduce risks to your Practice’s Information Systems.