Breaches of PHI can prove costly, resulting in monetary penalties, legal fees, reparations, and reputational harm. This is no time to go it alone. As the leader in healthcare IT security, Redspin has helped hundreds of covered entities and business associates safeguard PHI while fulfilling their security risk analysis requirements under HIPAA and/or Meaningful Use.
All HIPAA-covered entities and business associates are required to conduct or update an IT security risk analysis on a regular and ongoing basis. This means identifying any risks and vulnerabilities that could affect the confidentiality, integrity and availability of electronic protected health information (ePHI). Then, you must implement policies, procedures, and other measures to prevent security violations, and to reduce vulnerabilities to a reasonable and appropriate level.
Redspin's HIPAA security risk analysis is conducted as per the Security Rule administrative safeguards 45 CFR 164.308(a) (1) and 45 CFR 164.308(a)(8). It also meets EHR Meaningful Use Incentive Program requirements for eligible hospitals and eligible providers. Our comprehensive approach uses technical and non-technical methods to identify: 1) missing controls (by performing a gap analysis comparing implemented safeguards to those required by the HIPAA Security Rule) and 2) non-functioning controls (by comparing documented policies and procedures to actual implemented controls).
After completing our analysis, we will identify and report vulnerabilities which may lead to the compromise of the confidentiality, integrity, and availability of your data and network operations. We communicate these vulnerabilities in our reports in prioritized, risk-adjusted order with actionable recommendations to remedy or mitigate these risks, taking into context your culture and IT resources. Our report of findings will help management allocate and direct the appropriate resources towards vastly improving your information and network security and promoting a culture of security awareness within your organization.