The Health Insurance Portability and Accountability Act (HIPAA) provides federal protections for personal health information, and sets compliance standards for entities that handle and use the information. CLA’s HIPAA risk assessment lays the foundation for developing and implementing administrative, technical, and physical controls to keep patient information secure.
What’s on your mind?
- Performing the required annual information technology risk assessment
- Complying with HIPAA standards
- Threats to the control environment
- Adequacy of current controls
A unique approach
Our team consists of cybersecurity professionals who stay current on hacking techniques and the latest cyber crimes, and CPAs and consultants who understand health care industry regulations.
Our risk assessment process is based on guidelines defined in the National Institute of Standards and Technology Special Publication 800-30 Risk Management Guide for Information Technology Systems, which defines nine primary steps in analyzing risk:
- System characterization
- Threat identification
- Vulnerability identification
- Control analysis
- Likelihood determination
- Impact analysis
- Risk determination
- Control recommendations
- Results documentation
HIPAA risk services
Your HIPAA risk assessment will include a report on residual risks and gaps in your control environment, and recommendations on how to improve the management and security of your data and information technology.
InsightsSee All Insights
Blog 5/3/2022Discord Users Beware of Server Hijacks
Blog 4/29/2022GLBA Safeguards Rule Update
Blog 4/4/2022FBI-Ransomware Impacting Local Governments
Media coverage 3/28/2022Download AGA’s Report: CLA Contributed Research on Government Cybersecurity
EventsSee All Events
Event 6/28/2022 – 7/1/2022Association of Credit Union and Internal Auditors Annual Conference
Event 5/22/2022 – 5/25/2022CUNA Finance Council Conference 2022