Security Risk Assessment

SRA Urgency

click to view larger

Most healthcare organizations are aware that regular Security Risk Assessments (SRAs) are no longer optional; instead, they are required and stringently enforced. HIPAA Privacy and Security Rules require organizations that handle health information to routinely review the administrative, physical, and technical safeguards they have in place to protect the security of patient health information (PHI). SRAs are also a mandatory requirement for providers seeking payment through the Medicare and Medicaid EHR Incentive Program, commonly known as the Meaningful Use Program.

Although conducting regular SRAs may seem to be a hassle, the cost of failing to conduct them and remediate risks is much worse. Penalties can include millions of dollars in fines, civil and criminal litigation, restitution, and damage to institutional and professional reputations.

Simplify Your Next Security Risk Assessment

The good news is ClearDATA makes it painless and simple. ClearDATA’s expert Information Security team has conducted and successfully delivered thousands of security risk assessments to healthcare organizations of all sizes and types. Our comprehensive process provides you with a clear, unbiased analysis of your organizations compliance to all 20 Security Standards and more than 60 Safeguard Criteria.

Each security risk assessment provides both non-technical and technical remediation steps so that both executive and technical teams can understand the risk and appropriate remediation steps for their size organization. In addition, all completed SRA’s fully satisfy the ONC’s Meaningful Use CORE criteria audit requirements.

Why Choose ClearDATA for Your Next SRA?

  • Avoid the do-it-yourself hassle that can consume significant time and resources while leaving you exposed to risk due to inexperience or bias
  • Go further than checklist tools that do not provide actionable risk remediation recommendations
  • Work with a third-party expert that can minimize staff time, business interruptions, and risk
  • Certifications from the International Association of Privacy Professionals, including CIPP/US, CIPT, and CIPM
  • Experience working with leading healthcare law firms in support of breach notifications, remediation strategies, and forensic discovery
  • Comprehensive, audit-ready report with findings and recommendations that includes detailed vulnerabilities and remediation recommendations.

The ClearDATA Security Risk Assessment

Essential Components
ClearDATA security risk assessments include a complete examination of these essentials:

  • Review of PHI inventory to determine where electronic and other data is located
  • Examination of the three safeguards required by 45 CFR 164.308 (a)(1) — administrative, physical and technical, including the latest Omnibus rules. (This is a facet many assessment providers overlook.)
  • Assessment of current operations for HIPAA compliance, including safeguards in place, as well as vulnerabilities and specific threats to safeguards
  • Evaluation of existing security policies and procedures

Common Areas of Assessment
ClearDATA’s approach is a focused risk management framework based on HITRUST standards and the Common Security Framework. Major security and privacy domains include:

  • Information Protection Program
  • Endpoint Protection
  • Portable Media Security
  • Mobile Device Security
  • Wireless Security
  • Configuration Management
  • Vulnerability Management
  • Network Protection
  • Transmission Protection
  • Password Management
  • Access Control
  • Audit Logging and Monitoring
  • Education, Training and Awareness
  • Third Party Assurance
  • Incident Management
  • Business Continuity & Disaster Recovery
  • Risk Management
  • Physical & Environmental Security
  • Data Protection & Privacy

Comprehensive Findings & Recommendations

ClearDATA provides a comprehensive, audit-ready report with findings and recommendations that includes detailed vulnerabilities and remediation recommendations. Remediation may include outsourcing disaster recovery, backup and restore processes, information hosting, and perimeter testing through a HIPAA-compliant, cloud-based infrastructure. With this option both IT and security burdens are offloaded to seasoned experts.

For more information on ClearDATA’s Security Risk Assessment or to receive a free no-obligation quote, please contact us online or call (800) 804-6052.