1 / 8

Risk Analysis and HIPAA Security

Risk Analysis and HIPAA Security. Uday O. Ali Pabrai , CHSS, SCNA Chief Executive and Co-Founder, HIPAA Academy. Objective. Definition Seven Steps to HIPAA Security Step 2: Risk Analysis Scope Phases Getting Started Bottom line. Definition.

erling
Download Presentation

Risk Analysis and HIPAA Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Analysis and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive and Co-Founder, HIPAA Academy

  2. Objective • Definition • Seven Steps to HIPAA Security • Step 2: Risk Analysis • Scope • Phases • Getting Started • Bottom line

  3. Definition • Process to identify relevant assets and threats • Identifies potential safeguards to mitigate critical risk • A HIPAA Security Rule requirement • Establish the “State of Risk” associated with the Organization

  4. Seven Steps to HIPAA Security

  5. Scope • Risk Analysis is Step 2 • It includes addressing the areas of: • Vulnerability Assessment • Scanning Tools • Business Impact Analysis (BIA) • Critical Business Functions • Information System Activity Review • Audit Logs

  6. Phases of Risk Analysis • Phase I: e-PHI Documentation • Document e-PHI Flow, Vital Systems • Phase II: e-PHI Risk Assessment • Identify Vulnerabilities • Recommend Safeguards • Phase III: e-PHI Safeguards Determination • Likelihood of Risk • Impact to e-PHI • Remaining Risk to e-PHI

  7. Getting Started • Phase I: e-PHI Documentation • e-PHI Flow Diagrams • Network Diagrams • Asset Inventory • Risk Assessment Surveys • Phase II: e-PHI Risk Assessment • HIPAAShieldTM BIA Report • HIPAAShieldTM Vulnerability Report • Phase III: e-PHI Safeguards Determination • HIPAAShieldTM Risk Analysis Report

  8. Bottom line “We must be compulsive about managing risk.” PDF on “HIPAA Security and Risk Analysis” Available at: HIPAAAcademy.Net

More Related