By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    learn to recognize and treat yeast infections
    Most Commonly Asked Questions About Yeast Infections
    November 17, 2021
    Advanced lung cancer diagnosis systems used by doctors
    Advanced Lung Cancer Diagnosis Systems Used by Doctors
    March 6, 2022
    The Top Benefits of a Wearable Blood Pressure Monitor Watch
    The Top Benefits of a Wearable Blood Pressure Monitor Watch
    June 13, 2022
    Latest News
    5 Steps to a Promising Career as a Healthcare Administrator
    July 31, 2025
    Why Custom Telemedicine Apps Outperform Off‑the‑Shelf Solutions
    July 20, 2025
    How Probate Planning Shapes the Future of Your Estate and Family Care
    July 17, 2025
    Beyond Nutrition: Everyday Foods That Support Whole-Body Health
    June 15, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Soaring Medical Costs Pinned on Medical Devices
    June 7, 2011
    Debt Ceiling Negotiations on Health Care are Mere Cost Shifting
    July 15, 2011
    Is Kathleen Sebelius Listening to the NCPA?
    August 29, 2011
    Latest News
    How IT and Marketing Teams Can Collaborate to Protect Patient Trust
    July 17, 2025
    How Health Choices and Legal Actions Intersect After an Injury
    July 17, 2025
    How communities and healthcare providers can address slip and fall injuries with legal awareness
    July 17, 2025
    Let Your Lawyer Handle the Work Before You Pay Medical Costs
    July 6, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Why You Should Perform a HIPAA Risk Assessment
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Policy & Law > Health care > Why You Should Perform a HIPAA Risk Assessment
eHealthHealth carePolicy & Law

Why You Should Perform a HIPAA Risk Assessment

Adnan Raja
Adnan Raja
Share
4 Min Read
SHARE

 

Contents
HIPAA risk assessments are required by lawReal-world value of a risk assessmentBreadth of risk extends through communicationsKeeping risk assessment simple

A core element in preventing breaches is a healthcare-compliant risk assessment. However, the most obvious reason that a risk assessment that meets the parameters of the Health Insurance Portability and Accountability Act (HIPAA) should be conducted is that it is required by law for any organizations that come into contact with protected health information (PHI). This assessment or analysis is required by the Department of Health and Human Services (HHS) but also has real functional value in organizing your protective measures and revealing any areas that need improvement.

HIPAA risk assessments are required by law

By analyzing threats to your business, their likelihood, and potential impact, you are guided toward various administrative, technical, and physical safeguards that defend against these risks and maintain HIPAA compliance. There is flexibility built into these parameters to reflect the different sizes, complexities, and budgets of different organizations; specific measures you take should be “reasonable and appropriate” to the context, per the HHS. However, what is mandatory for compliance is that a risk assessment must be performed in order to determine how to move forward with security measures.

Real-world value of a risk assessment

A risk assessment is not simply a tedious compliance chore but a practice that has real-world value for your organization. You want to know where your security mechanisms need attention; after all, building up your defenses where they are most needed is fundamental to preventing healthcare breaches “What is Considered a HIPAA Breach in 2018?“. In the case of using a HIPAA hosting provider or other tech business associate, you want to know that their systems are sound, so it helps to know that they are held responsible for assessing their risk as well.

More Read

New Surgical Technologies Are Improving Healthcare Outcomes
Everything You Need To Know About Birth Injury Claims
Prescription Drug Monitoring Programs
7 Things The Elderly Should Know Before Signing Up For A Medicare Plan
Beyond the Buzz: The Healthcare Guide to Getty Images

Breadth of risk extends through communications

A type of breach that can be difficult to remember is that of the unintentionally noncompliant, non-malicious insider. A key area in which that type of breach might occur is within communications, especially marketing.

It is helpful to consider thoughts from the Data & Marketing Association (DMA) on this topic because there are specific considerations for HIPAA compliance related to marketing efforts (such as social media), as with any other communications.

The DMA noted that it is necessary to get signed authorization from patients prior to any communications by the HIPAA-compliant organization that might result in revenue (also called subsidized communications). In other words, marketing requires the express consent of each patient. Healthcare organizations (and business associates that handle protected health information or PHI) can interact with patients through various standard communication channels, though, as long as the healthcare entity is not getting paid by an outside entity to perform the communication (which would classify it as subsidized marketing).

Keeping risk assessment simple

You want to be broadly assessing risk, and you want all the organizations that provide your data services to be carefully assessing risk as well. This whole process becomes simpler when you work with organizations that have an established track record in healthcare IT. It is also helpful, beyond these risk assessments, if business associates have additional third-party security credentials in place, such as a Statement on Standards for Attestation Engagements 18 (SSAE 18; formerly SSAE 16) audit.

Share This Article
Facebook Copy Link Print
Share
By Adnan Raja
Follow:
With over 10 years of experience in marketing and business strategy, Adnan has successfully branded and launched products from concept to marketing to profitable campaigns. He is always looking for innovative, pioneering strategies to grow the business via partnerships and revenue opportunities.

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

5 Steps to a Promising Career as a Healthcare Administrator
5 Steps to a Promising Career as a Healthcare Administrator
Health
July 31, 2025
holistic dental
Holistic Dentist Services Are Natural and Safe
Dental health Specialties
July 28, 2025
botox certification
Help Improve People’s Skin Health Via Botox Certification
Skin Specialties
July 22, 2025
Telemedicine Apps
Why Custom Telemedicine Apps Outperform Off‑the‑Shelf Solutions
Health
July 20, 2025

You Might also Like

Ways to Enhance Your Hospital’s Instagram Presence

April 2, 2014
patient care
BusinessFinanceHealth Reform

Will It Be About Patients This Time?

January 22, 2015

Are Decision Support Tools Turning Doctors into Idiots?

April 20, 2011

Engage With Grace

November 22, 2012
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?