When Was Last Time Your Medical Practice Had a HIPAA Risk Assessment?

HiPAA Risk Assessment

As you are probably aware, the government has begun the first round of HIPAA compliance audits - these audits have included physician practices. So the million dollar question is: Is your medical practice really in HIPAA compliance? I find most are not even though they think they are.

Ask These Questions

A good first step to HIPAA compliance is to conduct an internal HIPAA risk assessment. At a minimum, a risk assessment must include these questions:

  • What types of protected health information (PHI) do we possess, receive, store or transmit?
  • How sensitive is this data in what it reveals about patient medical conditions, procedures, diagnoses and prescriptions?
  • Data about sexually transmitted diseases, sexual health, pregnancies and mental health are considered especially sensitive.
  • How valuable or desirable might this data be to criminals? Inclusion of social security numbers, mother's maiden names, home addresses, payment details and long-term medical history are considered sensitive because they can be used by criminals to commit financial and healthcare fraud.
  • What steps and procedures are in place in our medical practice right now to protect the PHI we possess, receive, store or transmit?
  • Finally, what additional steps, procedures, or technologies are necessary to bring our data protections into line with generally accepted information-technology standards or with National Institute of Standards & Technology (NIST)?

Have questions? I’m here to help.

This field is for validation purposes and should be left unchanged.