HIPAA Risk Management Services
HIPAA Covered Entities and Business Associates are obligated under the HIPAA Security Rule to implement a risk management process. Through this process, organizations must “implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with the HIPAA Security Rule.”
A prerequisite to risk management is a thorough and accurate computer security risk analysis and/or a set of HIPAA Policies and Procedures. What becomes quickly apparent is that organizations of all sizes struggle to effectively implement these policies and to address the items in their risk analysis. Examples of implementation items include:
- Implementing encryption of mobile devices, workstations and databases
- Selecting and implementing a secure email solution
- Updating custom applications to include appropriate access controls and audit trails
- Auditing vendors and contractors
- Creating an internal audit program to monitor employee use of electronic record software
- Conducting a technical vulnerability analysis and/or penetration test of the computer network
- Implementing an effective employee training program, including initial training and ongoing security awareness training
- Upgrading the system backup and conducting recovery testing
- Implementing a System Information and Event Monitoring System and/or audit log monitoring system
- Implementing a mobile device management system
For organizations that take compliance seriously, the list of projects can be overwhelming. Simply achieving basic compliance often requires a multi-year effort. Eagle provides HIPAA Risk Management support, including project management and/or project support for any of the above projects. Risk Management services pick up once policy and procedure development and/or a risk analysis are completed.
First, we create a project plan that prioritizes projects based on overall security risk reduction. Next, we regularly meet with both management and appropriate staff members to implement the plan. Eagle Consulting adds value by driving the Risk Management effort and creating the documentation that HIPAA requires.
In addition to project management, we can assist with completing specific Risk Management projects. Examples include, but are not limited to, providing staff training, managing the ongoing security awareness training program, conducting a technical vulnerability analysis or conducting a penetration test.
Let Eagle’s Risk Management Support services give you peace of mind knowing that your organization is being guided toward risk management compliance.