
Trust Experience: Eagle HIPAA Security Risk Assessment Solutions

Computer security risk solutions from Eagle. Eagle consultants bring years of experience in HIPAA compliance and audit readiness to hospitals, physician practices, business associates, and government agencies.

Our HIPAA risk assessment protocol is tailored to your organization type; the sections below describe the process for each.

Ensure HIPAA Compliance for Your Practice

Physician Practice:  For this HIPAA risk assessment (or HIPAA risk analysis), Eagle uses the methodology specified in NIST SP 800-30, which is the only approach explicitly mentioned in the HIPAA Security Rule as an appropriate methodology.  For smaller practices, this risk assessment can be conducted remotely.  For larger practices, an on-site review is recommended.

This risk assessment is required annually by the CMS “Promoting Interoperability” (PI) programs for Objective #1, Privacy and Security. (In April 2018, CMS renamed both the “Advancing Care Information” Performance Category of the MIPS and the physician Medicaid “Meaningful Use” programs to “Promoting Interoperability”.)

Eagle Consulting Services Guarantee

The PI requirement also discusses a Security Management Process. Simply put, the “Security Management Process” consists of the following:  A) Conduct a risk analysis, B) Implement security fixes to correct deficiencies, and C) Repeat.  To fulfill the PI requirement, you must do both A and B.

The EHR software you purchased, and its measure “dashboard”, show no details about this objective since the software has no way of knowing if you meet the requirements of this objective.

For more information regarding the risk assessment and the PI program requirements, see the two posts “Achieving Meaningful Use Stage 1 for Privacy and Security” and “45 CFR 164.308(a)(1), 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3) Explained”. (Note that while CMS renamed “Meaningful Use” to “Promoting Interoperability”, the content of these posts is otherwise current and accurate.)

By choosing Eagle’s service, physicians can attest with confidence, without worrying about being selected for a government audit under the MIPS or PI programs. Eagle has a 100% acceptance rate for its clients who have been selected for one of these audits.

Call Eagle Today:  216.503.0333


Meet Your HIPAA Compliance Deadline on Time and on Budget

Hospitals:  Eagle Consulting assists hospitals and large physician practices with the Privacy and Security objective for the Promoting Interoperability (PI) program (formerly “Meaningful Use” and “Advancing Care Information”).  This includes conducting the HIPAA Risk Assessment (or HIPAA Risk Analysis) and creating a corrective action plan based on the findings.

The fundamental purpose of implementing internal controls is to mitigate risk to an acceptable level within the organization. This risk assessment is based on the controls specific to the HIPAA Security Rule as they relate to the hospital’s business goals, objectives, and perceived threats. Our unique risk assessment measures both compliance to controls and the level of risk that exists as it relates to IT threats, existing vulnerabilities, and the probability that these vulnerabilities will be exploited.

Engagement Process

Discovery.  After identifying key participants from the hospital organization, a custom assessment workbook is prepared for each participant.  The workbook includes all of the HIPAA Security Rule’s 45 implementation specifications, 25 controls from the ISO 27002 framework, and controls from the Center for Internet Security’s Top 20 Security Controls.  Conducting an effective risk assessment for a larger organization requires a more comprehensive and granular framework, such as ISO 27002.  Select controls from the Center for Internet Security’s Top 20 are evaluated because these high-priority controls are absent from HIPAA.  Conducting an appropriate risk assessment requires an evaluation of the controls that matter. This process includes a review of Policies & Procedures manuals for compliance with state and federal regulations.

Testing.  Existing security controls will be evaluated, including any previously completed penetration testing and vulnerability scanning.  As an option with this process, Eagle can include either of these evaluations as part of the scope of work.

Site Review. An on-site risk assessment is included, with a walkthrough of facilities to evaluate physical security controls, to validate data obtained, and to perform additional assessments.

Final Report.  A final written report is provided in a format consistent with the requirements of the HIPAA Security rule, 164.308(a)(1)(ii).  This standard calls for an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.  Eagle’s report will include a list of prioritized recommendations to address risks and vulnerabilities identified.

Risk Management Support.  The CMS Promoting Interoperability objective requires that the hospital address deficiencies identified as part of its ongoing Security Management Process.  Eagle offers retainer agreements to assist with risk management, that is, the process of addressing the issues identified in the risk analysis report.  In addition, a variety of services are available to assist with corrective action.

The Promoting Interoperability programs all require that the HIPAA risk assessment be updated annually.

Call Eagle Today:  216.503.0333

Prove Your HIPAA Compliance (Customers Demand It)

Business Associates: Now you can prove your HIPAA compliance to your customers. Eagle Consulting assists Business Associates with the HIPAA Risk Assessment (or HIPAA Risk Analysis) required by the HIPAA Security Rule. In addition to conducting the HIPAA Risk Assessment, Eagle will provide a corrective action plan based on the findings. This graphic illustration of the Security Management Process shows the multiple steps to create a detailed Security Risk Assessment.

When dealing with hospitals, physician practices or insurance companies, a standard framework can be used because the business processes of these entities are generally understood at the onset. However, there is a tremendous variety of Business Associates with vastly different business processes, for example:

  • Billing services are focused on healthcare and maintain billing and/or electronic records, with access to records of a few practices or to records of hundreds of organizations
  • Consulting firms and law firms may send consultants or attorneys on site at hospitals, but never store any electronic PHI in their own systems
  • Medical software authors/resellers may have extensive teams of software developers, and customers may expect that the code is secure. These organizations may process PHI on a limited basis for data conversions, but otherwise keep no PHI. In addition, these organizations may maintain electronic access to their clients’ systems.
  • A direct mail mailing house may service a wide variety of industries and from time to time handle a large hospital’s mailings to patients

Further, business associates may range from a small organization with a few people to a national organization with hundreds of locations and tens of thousands of employees.  Because of this wide range, an initial discovery phase is necessary as part of the risk analysis process.

Engagement & Eagle Solution Process

Discovery and Control Selection.  The first step is to understand the business processes of the Business Associate, to identify the electronic PHI that it maintains, and to briefly understand the existing controls in place.  Based on the business processes, Eagle identifies the controls that are most appropriate.  The selection process involves reviewing appropriate controls, not only from the HIPAA Implementation Specifications, but also from the more comprehensive and granular framework, ISO 27002.  In addition, Eagle reviews relevant controls from the Center for Internet Security’s Top 20 Security Controls because some of these high-priority controls are absent from HIPAA.

Control Review and Testing.  Using the controls identified above, existing controls will be reviewed in more detail with gaps and deficiencies identified.  Any previous evaluations, such as penetration testing and vulnerability scans, will be reviewed.  As an option with this process, Eagle can include either of these evaluations as part of the scope of work.

Impact Assessment.  Based on an understanding of the quantity of ePHI involved, the nature of the organization, and the reliance on information technology for daily operations, the impact of various failures will be estimated.  Failures evaluated will include data breach, system downtime, and data integrity failures.

Site Review. An on-site assessment is included, with a walkthrough of facilities to evaluate physical security controls, to validate data obtained, and to perform additional assessments.

Final Report.  A final written report is provided in a format consistent with the requirements of the HIPAA Security rule, 164.308(a)(1)(ii).  This standard calls for an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI.  Eagle’s report will include a list of prioritized recommendations to address risks and vulnerabilities identified.

Remediation Support.  As a follow-up to the HIPAA risk assessment, a variety of services are available to assist with corrective action.

Call Eagle Today:  216.503.0333

Meet Your Agency HIPAA Compliance Requirements

Government: Eagle Consulting Partners specializes in helping Governmental Agencies comply with the HIPAA law and other applicable Privacy and Security regulations. Eagle has worked with numerous Public Health Departments and agencies serving the developmentally disabled, providing them with support for HIPAA and other privacy laws.

For over 15 years, Eagle has been at the forefront of serving Ohio County Boards of Developmental Disabilities in conducting HIPAA Security Risk Assessments (or HIPAA Risk Analyses) and creating procedures to protect computer data security and client privacy. Eagle has experience working with GateKeeper, Intellivue, as well as other software used by county boards to provide services.

Our HIPAA Risk Assessment Process:


Discovery.  After identifying key participants from the organization, a custom assessment workbook is prepared for each participant.  The workbook includes all of the HIPAA Security Rule’s 42 implementation specifications, an additional 25 controls from the ISO 27001/27002 framework, and controls from the Center for Internet Security’s Top 20 Security Controls.  Conducting an effective risk assessment for a larger organization requires a more comprehensive and granular control set, such as ISO 27002.  Select controls from the Center for Internet Security’s Top 20 are evaluated because these high-priority controls are absent from HIPAA.  Conducting an appropriate risk assessment requires an evaluation of the controls that matter. This process includes a review of Policies & Procedures manuals for compliance with state and federal regulations.

Testing.  Existing security controls will be evaluated, including any previously completed penetration testing and vulnerability scanning.  As an option with this process, Eagle can include either of these evaluations as part of the scope of work.

Site Review. An on-site assessment is included, with a walkthrough of facilities to evaluate physical security controls, to validate data obtained, and to perform additional assessments.

Final Report.  A final written report is provided in a format consistent with the requirements of the HIPAA Security rule, 164.308(a)(1)(ii).  This standard calls for an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.  Eagle’s report will include a list of prioritized recommendations to address risks and vulnerabilities identified.

Call Eagle Today:  216.503.0333

Make Sure Your HIPAA Compliance Plan is Dialed In

Payers:  Eagle Consulting assists Payers with the HIPAA Risk Assessment (or HIPAA Risk Analysis) required by the HIPAA Security Rule.  Included with the HIPAA Security Risk Assessment, Eagle will provide a corrective action plan based on the findings.

Our HIPAA Risk Assessment Process:

Discovery. After identifying key participants from the organization, a custom assessment workbook is prepared for each participant. The workbook includes all of the HIPAA Security Rule’s 42 implementation specifications, an additional 25 controls from the ISO 27001/27002 framework, and controls from the Center for Internet Security’s Top 20 Security Controls. Conducting an effective risk assessment for a larger organization requires a more comprehensive and granular control set, such as ISO 27002. Select controls from the Council on CyberSecurity’s Top 20 are also evaluated because these high-priority controls are absent from HIPAA. Conducting an appropriate risk assessment requires an evaluation of the controls that matter. This process includes a review of Policies & Procedures manuals for compliance with state and federal regulations.

Testing.  Existing security controls will be evaluated, including any previously completed penetration testing and vulnerability scanning.  As an option with this process, Eagle can include either of these evaluations as part of the scope of work.

Site Review. An on-site assessment is included, with a walkthrough of facilities to evaluate physical security controls, to validate data obtained, and to perform additional assessments.

Final Report.  A final written report is provided in a format consistent with the requirements of the HIPAA Security rule, 164.308(a)(1)(ii).  This standard calls for an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.  Eagle’s report will include a list of prioritized recommendations to address risks and vulnerabilities identified.

Call Eagle Today:  216.503.0333

Get Your Company Into HIPAA Compliance on Deadline and on Budget

Other Providers:  Eagle Consulting assists Providers with the HIPAA Risk Assessment (or HIPAA Risk Analysis) required by the HIPAA Security Rule.  Included with the HIPAA Security Risk Assessment, Eagle will provide a corrective action plan based on the findings.


Our HIPAA Risk Assessment Process:

Discovery.  After identifying key participants from the organization, a custom assessment workbook is prepared for each participant.  The workbook includes all of the HIPAA Security Rule’s 42 implementation specifications, an additional 25 controls from the ISO 27001/27002 framework, and controls from the Center for Internet Security’s Top 20 Security Controls.  Conducting an effective risk assessment for a larger organization requires a more comprehensive and granular control set, such as ISO 27002.  Select controls from the Council on CyberSecurity’s Top 20 are also evaluated because these high-priority controls are absent from the HIPAA law.  Conducting an appropriate risk assessment demands an evaluation of the controls that matter. This process includes a review of Policies & Procedures manuals for compliance with state and federal regulations.

Testing.  Existing security controls will be evaluated, including any previously completed penetration testing and vulnerability scanning.  As an option with this process, Eagle can include either of these evaluations as part of the scope of work.

Site Review. An on-site assessment is included, with a walkthrough of facilities to evaluate physical security controls, to validate data obtained, and to perform additional assessments.

Final Report.  A final written report is provided in a format consistent with the requirements of the HIPAA Security rule, 164.308(a)(1)(ii).  This standard calls for an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.  Eagle’s report will include a list of prioritized recommendations to address risks and vulnerabilities identified.

Call Eagle Today:  216.503.0333


Get the Eagle Risk Assessment JumpStart: We’ve prepared guidance to help you learn more about the risk assessment process. Get your 4-page risk analysis jump start today.


What Our Customers Say…

“Gary has always been very helpful and easy to communicate with. I appreciate all the help and guidance he has given me on a recent project. Another company has recently contacted me for a reference, and I gave a high rating.” -Julie, Virginia


“Mike is very professional and knowledgeable. Would highly recommend him to colleagues!” -Linda, Rhode Island


“Very efficient and timely. I’m extremely satisfied with your services.” -Robin, West Virginia

More Details About Eagle HIPAA Security Risk Analysis Solutions

Chart: No. of HIPAA Compliance Complaint Cases Investigated by HHS (source: HHS.gov)

HIPAA violation complaints have been increasing, according to HHS.gov: 8,752 were recorded in 2010, and 17,643 in 2015. The HIPAA Risk Assessment (“security risk analysis”) is a mandatory requirement of the HIPAA Security Rule. The rule states that a Computer Security Risk Analysis should be completed periodically and that deficiencies should be corrected. The Health and Human Services Office for Civil Rights, the agency responsible for HIPAA enforcement, repeatedly stresses the importance of a “thorough and accurate” Risk Assessment. Most of the enforcement cases have cited deficiencies in the risk analysis.

An annual Computer Security Risk Analysis is a required objective for all versions of the CMS “Promoting Interoperability” programs, formerly known as “Meaningful Use” and “Advancing Care Information”.

Eagle has long experience in successful risk assessment and solutions for healthcare providers.
Eagle Healthcare Consultants
