Don’t let the stricter HIPAA rules scare you. Just understand how they work, who’s at
risk, and how to protect yourself. The first step is to hire a
company like Matterform to conduct a “risk
assessment. This required document
is the first thing a HIPAA auditor looks for, and skipping it could cost you.
You care about protecting patient privacy, and the HIPAA rules aren’t just a bureaucratic hassle, they’re actually
great guidelines to help you protect your patients and your business. Compliance begins with a risk assessment, which is
written documentation that deals with three basic elements:
* Threats and vulnerabilities
* Level of risk based on the likelihood of exploit and the resulting impact
* General action plan for each item of concern
Risk assessment: A good security practice in any industry
These assessments are a powerful tool not just for healthcare providers, they’re useful in other industries as well,
and Matterform is in high demand as a provider of assessments across a variety of businesses.
Matterform provides clients a risk analysis that covers every conceivable vulnerability with care and foresight, giving
healthcare providers and their vendors the comfort of knowing they’re protected from government oversight. We conduct an
accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and
availability of electronic protected health information (ePHI) held by the covered entity.
Here’s essentially what our customized assessments do for our clients:
* Identify and document reasonably anticipated threats, including natural, human and environmental.
* Identify and document vulnerabilities that, if triggered or exploited by a threat, would create a risk to EPHI.
* Analyze current security measures implemented to minimize or eliminate risks to EPHI.
* Evaluate the likelihood that a threat will trigger or exploit a specific vulnerability.
* Evaluate the potential impact of threat occurrence.
* Evaluate the level of risk to EPHI, determined by the likelihood of a given threat triggering or exploiting a specific
vulnerability, and the resulting impact.
* Recommend new controls to mitigate the risk.
How we do it
Performing a risk assessment is a straightforward process in which Matterform does all the heavy lifting for you. The
result is a tool that upper management can use to guide decision-making.
First we’ll work with you to determine the scope of the assessment. A full risk assessment covers all your Line of
Business processes and applications. It can be a big project, so we start small and focused. Custom applications,
databases, and electronic medical record systems (EMRs) are a great place to start, and are a Matterform specialty.
We’ll need access to your application and one or two interviews with staff. We’ll do the hard work.
Then we analyze everything and give you a written report.
This is the most important step: a plan of action. We grade risk levels based on likelihood and potential impact. The
plan of action is a detailed security matrix covering each required and addressable HIPAA
standard.
Finally, the executive summary outlines the top priorities in plain English.
Contact us, and we’ll start your risk assessment this week. The sooner you start, the sooner you can rest easy without
the specter of compliance hanging over your head. We can help you prioritize and budget tasks to get you on the road to
protecting patient privacy. This is a journey, not a destination. You’re never finished protecting patient privacy.
Matterform president Michael Herrick can be reached at michael@matterform.com.
