By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    bowl of vegetable salad
    Raw Foods: benefits and harms
    November 9, 2021
    pros and cons of the keto diet
    Read This Before You Follow the Keto Diet
    May 18, 2022
    spinal cord injuries
    4 Potential Causes of Spinal Cord Injuries (and How to Seek Compensation)
    May 25, 2022
    Latest News
    7 Most Common Healthcare Accreditation Programs: Which Should You Use?
    August 20, 2025
    Hospital Pest Control and the Fight Against Superbugs
    August 20, 2025
    Hygiene Beyond The Clinic: Attention To Overlooked Non-Clinical Spaces
    August 13, 2025
    5 Steps to a Promising Career as a Healthcare Administrator
    August 3, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    The Hidden Epidemic of Nursing Home Abuse
    February 16, 2021
    Smiles Make the World Go Around
    August 25, 2017
    Those Pesky Tension Headaches
    September 12, 2017
    Latest News
    How Social Security Disability Shapes Access to Care and Everyday Health
    August 20, 2025
    How a DUI Lawyer Can Help When Your Future Health Feels Uncertain
    August 20, 2025
    How One Fall Can Lead to a Long Road of Medical Complications
    August 20, 2025
    How IT and Marketing Teams Can Collaborate to Protect Patient Trust
    July 17, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Why You Should Perform a HIPAA Risk Assessment
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Policy & Law > Health care > Why You Should Perform a HIPAA Risk Assessment
eHealthHealth carePolicy & Law

Why You Should Perform a HIPAA Risk Assessment

Adnan Raja
Adnan Raja
Share
4 Min Read
SHARE

 

Contents
  • HIPAA risk assessments are required by law
  • Real-world value of a risk assessment
  • Breadth of risk extends through communications
  • Keeping risk assessment simple

A core element in preventing breaches is a healthcare-compliant risk assessment. However, the most obvious reason that a risk assessment that meets the parameters of the Health Insurance Portability and Accountability Act (HIPAA) should be conducted is that it is required by law for any organizations that come into contact with protected health information (PHI). This assessment or analysis is required by the Department of Health and Human Services (HHS) but also has real functional value in organizing your protective measures and revealing any areas that need improvement.

HIPAA risk assessments are required by law

By analyzing threats to your business, their likelihood, and potential impact, you are guided toward various administrative, technical, and physical safeguards that defend against these risks and maintain HIPAA compliance. There is flexibility built into these parameters to reflect the different sizes, complexities, and budgets of different organizations; specific measures you take should be “reasonable and appropriate” to the context, per the HHS. However, what is mandatory for compliance is that a risk assessment must be performed in order to determine how to move forward with security measures.

Real-world value of a risk assessment

A risk assessment is not simply a tedious compliance chore but a practice that has real-world value for your organization. You want to know where your security mechanisms need attention; after all, building up your defenses where they are most needed is fundamental to preventing healthcare breaches “What is Considered a HIPAA Breach in 2018?“. In the case of using a HIPAA hosting provider or other tech business associate, you want to know that their systems are sound, so it helps to know that they are held responsible for assessing their risk as well.

More Read

12 Common IRO Questions Answered
The Health Benefits of Cannabis: What Are You Missing Out On?
3 Limitations of Australia’s Public Healthcare System and How to Deal with them
Shared Decision Making: Not Ready For Prime Time
Promising New Patient Recovery Science

Breadth of risk extends through communications

A type of breach that can be difficult to remember is that of the unintentionally noncompliant, non-malicious insider. A key area in which that type of breach might occur is within communications, especially marketing.

It is helpful to consider thoughts from the Data & Marketing Association (DMA) on this topic because there are specific considerations for HIPAA compliance related to marketing efforts (such as social media), as with any other communications.

The DMA noted that it is necessary to get signed authorization from patients prior to any communications by the HIPAA-compliant organization that might result in revenue (also called subsidized communications). In other words, marketing requires the express consent of each patient. Healthcare organizations (and business associates that handle protected health information or PHI) can interact with patients through various standard communication channels, though, as long as the healthcare entity is not getting paid by an outside entity to perform the communication (which would classify it as subsidized marketing).

Keeping risk assessment simple

You want to be broadly assessing risk, and you want all the organizations that provide your data services to be carefully assessing risk as well. This whole process becomes simpler when you work with organizations that have an established track record in healthcare IT. It is also helpful, beyond these risk assessments, if business associates have additional third-party security credentials in place, such as a Statement on Standards for Attestation Engagements 18 (SSAE 18; formerly SSAE 16) audit.

Share This Article
Facebook Copy Link Print
Share
By Adnan Raja
Follow:
With over 10 years of experience in marketing and business strategy, Adnan has successfully branded and launched products from concept to marketing to profitable campaigns. He is always looking for innovative, pioneering strategies to grow the business via partnerships and revenue opportunities.

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

engineer fitting prosthetic arm
How Social Security Disability Shapes Access to Care and Everyday Health
Health care
August 20, 2025
a woman explaining the document
How a DUI Lawyer Can Help When Your Future Health Feels Uncertain
Public Health
August 20, 2025
physiotherapist at work
How One Fall Can Lead to a Long Road of Medical Complications
Health care
August 20, 2025
Common Healthcare Accreditation Programs
7 Most Common Healthcare Accreditation Programs: Which Should You Use?
Health News
August 20, 2025

You Might also Like

heath exchange enrollment rates
FinanceHealth ReformPolicy & LawPublic Health

Health Exchange Enrollment: Speed of Light or…Molasses

November 13, 2013

Verizon And Casio Introduce Android Smartphone Ruggedized for Hospital Use

April 29, 2011
eHealthMobile HealthTechnology

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

March 19, 2019

Connecting Social Media and EHRs as a Research Tool

February 19, 2016
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?