By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    improving patient experience
    6 Ways to Improve Patient Satisfaction Within Hospitals
    December 1, 2021
    degree for healthcare job
    What Are The Health Benefits Of Having A Degree?
    March 9, 2022
    custom software development is changing healthcare
    Digital Customer Journey Mapping and its Importance for Healthcare
    July 21, 2022
    Latest News
    Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
    May 16, 2025
    Learn how to Renew your Medical Card in West Virginia
    May 16, 2025
    Choosing the Right Supplement Manufacturer for Your Brand
    May 1, 2025
    Engineering Temporary Hospitals for Extreme Weather
    April 24, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Can Thinking Younger Make You Live Longer?
    April 20, 2011
    Image
    Obesity’s Outlook Unchanged
    June 13, 2011
    When It’s An Emergency Elderly Not Treated As Well in Hospitals
    July 16, 2011
    Latest News
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
    The Critical Role of Healthcare in Personal Injury Recovery: A Comprehensive Guide for Victims
    May 14, 2025
    The Backbone of Successful Trials: Clinical Data Management
    April 28, 2025
    Advancing Your Healthcare Career through Education and Specialization
    April 16, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Why You Should Perform a HIPAA Risk Assessment
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Policy & Law > Health care > Why You Should Perform a HIPAA Risk Assessment
eHealthHealth carePolicy & Law

Why You Should Perform a HIPAA Risk Assessment

Adnan Raja
Last updated: July 31, 2018 10:38 pm
Adnan Raja
Share
4 Min Read
SHARE

 

Contents
HIPAA risk assessments are required by lawReal-world value of a risk assessmentBreadth of risk extends through communicationsKeeping risk assessment simple

A core element in preventing breaches is a healthcare-compliant risk assessment. However, the most obvious reason that a risk assessment that meets the parameters of the Health Insurance Portability and Accountability Act (HIPAA) should be conducted is that it is required by law for any organizations that come into contact with protected health information (PHI). This assessment or analysis is required by the Department of Health and Human Services (HHS) but also has real functional value in organizing your protective measures and revealing any areas that need improvement.

HIPAA risk assessments are required by law

By analyzing threats to your business, their likelihood, and potential impact, you are guided toward various administrative, technical, and physical safeguards that defend against these risks and maintain HIPAA compliance. There is flexibility built into these parameters to reflect the different sizes, complexities, and budgets of different organizations; specific measures you take should be “reasonable and appropriate” to the context, per the HHS. However, what is mandatory for compliance is that a risk assessment must be performed in order to determine how to move forward with security measures.

Real-world value of a risk assessment

A risk assessment is not simply a tedious compliance chore but a practice that has real-world value for your organization. You want to know where your security mechanisms need attention; after all, building up your defenses where they are most needed is fundamental to preventing healthcare breaches “What is Considered a HIPAA Breach in 2018?“. In the case of using a HIPAA hosting provider or other tech business associate, you want to know that their systems are sound, so it helps to know that they are held responsible for assessing their risk as well.

More Read

Online Messaging Can Improve Support Group Relationships
American Academy of Orthopaedic Surgeons – Practice Forward 2011
Too Few Primary Care Physicians
How Technology Solutions Are Shaping The Future Of Home Healthcare
Mobile Health Around the Globe: Telemedicine and Peritoneal Dialysis in India

Breadth of risk extends through communications

A type of breach that can be difficult to remember is that of the unintentionally noncompliant, non-malicious insider. A key area in which that type of breach might occur is within communications, especially marketing.

It is helpful to consider thoughts from the Data & Marketing Association (DMA) on this topic because there are specific considerations for HIPAA compliance related to marketing efforts (such as social media), as with any other communications.

The DMA noted that it is necessary to get signed authorization from patients prior to any communications by the HIPAA-compliant organization that might result in revenue (also called subsidized communications). In other words, marketing requires the express consent of each patient. Healthcare organizations (and business associates that handle protected health information or PHI) can interact with patients through various standard communication channels, though, as long as the healthcare entity is not getting paid by an outside entity to perform the communication (which would classify it as subsidized marketing).

Keeping risk assessment simple

You want to be broadly assessing risk, and you want all the organizations that provide your data services to be carefully assessing risk as well. This whole process becomes simpler when you work with organizations that have an established track record in healthcare IT. It is also helpful, beyond these risk assessments, if business associates have additional third-party security credentials in place, such as a Statement on Standards for Attestation Engagements 18 (SSAE 18; formerly SSAE 16) audit.

Share This Article
Facebook Copy Link Print
Share
By Adnan Raja
Follow:
With over 10 years of experience in marketing and business strategy, Adnan has successfully branded and launched products from concept to marketing to profitable campaigns. He is always looking for innovative, pioneering strategies to grow the business via partnerships and revenue opportunities.

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
May 18, 2025
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
May 15, 2025
Learn how to Renew your Medical Card in West Virginia
Learn how to Renew your Medical Card in West Virginia
Health
May 15, 2025
Dr. Klaus Rentrop Shares Acute Myocardial Infarction heart treatment
Dr. Klaus Rentrop Shares Acute Myocardial Infarction
Cardiology
May 13, 2025

You Might also Like

Strategic Planning
BusinesseHealthHealth ReformMedical RecordsTechnology

Top 5 Strategic Planning Challenges for CIOs

September 9, 2014
health and technology
eHealthMedical DevicesMedical InnovationsTechnology

Technology and Healthcare Efficiency: Not Always the Perfect Match

June 21, 2014
medical education
Medical EducationPolicy & Law

Top 6 Essentials To Survive Medical School

November 3, 2021

EHR Implementation Struggles: Three Ways Forward

July 8, 2013
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?