HIPAA requires every Covered Entity and Business Associate, as defined by HIPAA, to perform a Risk Analysis. Additionally, completing the Risk Analysis is a core requirement for meeting Meaningful Use objectives. The HIPAA Security Final Rule states:
45 C.F.R. § 164.308(a)(1)(ii)(A) RISK ANALYSIS (Required).
“Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].”
In order to better protect the sensitive information of the Practice’s patients, and to comply with HIPAA and HITECH security requirements, the Practice and Codex conducted an accurate and thorough assessment of the potential risks and vulnerabilities affecting the confidentiality, integrity, and availability of the ePHI generated and held by the Practice.
Codex Techworks can complete an analysis of your practice’s system environment by reviewing all systems, applications, communication systems, and hardware that store, process, or transmit ePHI, together with their interdependencies, including the EHR, practice management system, lab systems, coding systems, etc. The purpose of the review is to determine vulnerabilities and to maintain your practice’s compliance with current HIPAA requirements.