The Health Insurance Portability and Accountability Act (HIPAA) provides federal protections for personal health information, and sets compliance standards for entities that handle and use the information. CLA’s HIPAA risk assessment lays the foundation for developing and implementing administrative, technical, and physical controls to keep patient information secure.
What’s on your mind?
- Performing the required annual information technology risk assessment
- Complying with HIPAA standards
- Threats to the control environment
- Adequacy of current controls
A unique approach
Our team consists of cybersecurity professionals who stay current on hacking techniques and the latest cyber crimes, and CPAs and consultants who understand health care industry regulations.
Our risk assessment process is based on guidelines defined in the National Institute of Standards and Technology Special Publication 800-30 Risk Management Guide for Information Technology Systems, which defines nine primary steps in analyzing risk:
- System characterization
- Threat identification
- Vulnerability identification
- Control analysis
- Likelihood determination
- Impact analysis
- Risk determination
- Control recommendations
- Results documentation
HIPAA risk services
Your HIPAA risk assessment will include a report on residual risks and gaps in your control environment, and recommendations on how to improve the management and security of your data and information technology.