By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Why You Should Perform a HIPAA Risk Assessment
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Policy & Law > Health care > Why You Should Perform a HIPAA Risk Assessment
eHealthHealth carePolicy & Law

Why You Should Perform a HIPAA Risk Assessment

Adnan Raja
Adnan Raja
Share
4 Min Read
SHARE

 

Contents
  • HIPAA risk assessments are required by law
  • Real-world value of a risk assessment
  • Breadth of risk extends through communications
  • Keeping risk assessment simple

A core element in preventing breaches is a healthcare-compliant risk assessment. However, the most obvious reason that a risk assessment that meets the parameters of the Health Insurance Portability and Accountability Act (HIPAA) should be conducted is that it is required by law for any organizations that come into contact with protected health information (PHI). This assessment or analysis is required by the Department of Health and Human Services (HHS) but also has real functional value in organizing your protective measures and revealing any areas that need improvement.

HIPAA risk assessments are required by law

By analyzing threats to your business, their likelihood, and potential impact, you are guided toward various administrative, technical, and physical safeguards that defend against these risks and maintain HIPAA compliance. There is flexibility built into these parameters to reflect the different sizes, complexities, and budgets of different organizations; specific measures you take should be “reasonable and appropriate” to the context, per the HHS. However, what is mandatory for compliance is that a risk assessment must be performed in order to determine how to move forward with security measures.

Real-world value of a risk assessment

A risk assessment is not simply a tedious compliance chore but a practice that has real-world value for your organization. You want to know where your security mechanisms need attention; after all, building up your defenses where they are most needed is fundamental to preventing healthcare breaches “What is Considered a HIPAA Breach in 2018?“. In the case of using a HIPAA hosting provider or other tech business associate, you want to know that their systems are sound, so it helps to know that they are held responsible for assessing their risk as well.

More Read

Healthcare Reputation Management in a Web 3.0 World
A New Age for Smartphone Apps
Person-Centered HealthCare: GetWellNetwork Offers Interactive Patient Care
Really Local Healthcare Marketing
Personalize Your Hospital with Instagram’s Hyperlapse App

Breadth of risk extends through communications

A type of breach that can be difficult to remember is that of the unintentionally noncompliant, non-malicious insider. A key area in which that type of breach might occur is within communications, especially marketing.

It is helpful to consider thoughts from the Data & Marketing Association (DMA) on this topic because there are specific considerations for HIPAA compliance related to marketing efforts (such as social media), as with any other communications.

The DMA noted that it is necessary to get signed authorization from patients prior to any communications by the HIPAA-compliant organization that might result in revenue (also called subsidized communications). In other words, marketing requires the express consent of each patient. Healthcare organizations (and business associates that handle protected health information or PHI) can interact with patients through various standard communication channels, though, as long as the healthcare entity is not getting paid by an outside entity to perform the communication (which would classify it as subsidized marketing).

Keeping risk assessment simple

You want to be broadly assessing risk, and you want all the organizations that provide your data services to be carefully assessing risk as well. This whole process becomes simpler when you work with organizations that have an established track record in healthcare IT. It is also helpful, beyond these risk assessments, if business associates have additional third-party security credentials in place, such as a Statement on Standards for Attestation Engagements 18 (SSAE 18; formerly SSAE 16) audit.

Share This Article
Facebook Copy Link Print
Share
By Adnan Raja
Follow:
With over 10 years of experience in marketing and business strategy, Adnan has successfully branded and launched products from concept to marketing to profitable campaigns. He is always looking for innovative, pioneering strategies to grow the business via partnerships and revenue opportunities.

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

a woman walking on the hallway
6 Easy Healthcare Ways to Sit Less and Move More Every Day
Health
September 9, 2025
Clinical Expertise
Healthcare at a Crossroads: Why Leadership Matters More Than Ever
Global Healthcare
September 9, 2025
travel nurse in north carolina
Balancing Speed and Scope: Choosing the Nursing Degree That Fits Your Goals
Nursing
September 1, 2025
intimacy
How to Keep Intimacy Comfortable as You Age
Relationship and Lifestyle Senior Care
September 1, 2025

You Might also Like

Creating Your Mission in Health IT Can Lead to Unanticipated Consequences

June 3, 2013
conducting Clinical Trial
Global Healthcare

5 Tips for Conducting a Clinical Trial

July 26, 2023
Global HealthcareHealth careMental Health

4 Simple Steps For Solving The Real Cause Of Your Depression

July 2, 2019
Health careWellness

What Is More Effective: Fighting Depression Or Denying It?

May 6, 2019
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?