Business Commons^™

Hipaa Update: Conducting A Security Risk Analysis, Jennifer Cosey

The Journal of the Michigan Dental Association

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule mandates periodic security risk analyses (SRA) to assess compliance. This analysis evaluates threats and vulnerabilities to electronic protected health information (EPHI) and considers all devices connected to a network. While the Security Rule is flexible, small organizations must still adhere to its standards. IT vendors and staff play a crucial role in implementing HIPAA safeguards. Threats and vulnerabilities must be identified to select appropriate safeguards for EPHI. These safeguards include administrative, physical, and technical measures. Addressable specifications should be implemented if reasonable, and documentation of decisions is essential. A Technical …