By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    headphones can create health problems
    The Harmful Health Effects of Using Headphones
    September 24, 2021
    Headache causes
    4 Causes Of Headache You Probably Didn’t Know About
    December 28, 2021
    follow these steps to recover from your injury
    What Steps Should You Take to Recover More Quickly from an Injury?
    April 12, 2022
    Latest News
    Beyond Nutrition: Everyday Foods That Support Whole-Body Health
    June 15, 2025
    The Wide-Ranging Benefits of Magnesium Supplements
    June 11, 2025
    The Best Home Remedies for Migraines
    June 5, 2025
    The Hidden Impact Of Stress On Your Body’s Alignment And Balance
    May 22, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Cash Transfers: Good for HIV/AIDS Too
    August 9, 2012
    unnecessary medical tests
    Eagerly Awaiting the Death of Defensive Medicine
    September 5, 2013
    Image
    Mobile Health Around the Globe – mHealth Fighting Malnutrition in India
    December 17, 2012
    Latest News
    Let Your Lawyer Handle the Work Before You Pay Medical Costs
    July 6, 2025
    Top HIPAA-Compliant Messaging Apps for Healthcare Teams
    June 25, 2025
    When Healthcare Ends, the Legal Process Begins: What Families Should Know About Probate and Medical Estates
    June 20, 2025
    Preventing Contamination In Healthcare Facilities Starts With Hygiene
    June 15, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Why You Should Perform a HIPAA Risk Assessment
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Policy & Law > Health care > Why You Should Perform a HIPAA Risk Assessment
eHealthHealth carePolicy & Law

Why You Should Perform a HIPAA Risk Assessment

Adnan Raja
Adnan Raja
Share
4 Min Read
SHARE

 

Contents
HIPAA risk assessments are required by lawReal-world value of a risk assessmentBreadth of risk extends through communicationsKeeping risk assessment simple

A core element in preventing breaches is a healthcare-compliant risk assessment. However, the most obvious reason that a risk assessment that meets the parameters of the Health Insurance Portability and Accountability Act (HIPAA) should be conducted is that it is required by law for any organizations that come into contact with protected health information (PHI). This assessment or analysis is required by the Department of Health and Human Services (HHS) but also has real functional value in organizing your protective measures and revealing any areas that need improvement.

HIPAA risk assessments are required by law

By analyzing threats to your business, their likelihood, and potential impact, you are guided toward various administrative, technical, and physical safeguards that defend against these risks and maintain HIPAA compliance. There is flexibility built into these parameters to reflect the different sizes, complexities, and budgets of different organizations; specific measures you take should be “reasonable and appropriate” to the context, per the HHS. However, what is mandatory for compliance is that a risk assessment must be performed in order to determine how to move forward with security measures.

Real-world value of a risk assessment

A risk assessment is not simply a tedious compliance chore but a practice that has real-world value for your organization. You want to know where your security mechanisms need attention; after all, building up your defenses where they are most needed is fundamental to preventing healthcare breaches “What is Considered a HIPAA Breach in 2018?“. In the case of using a HIPAA hosting provider or other tech business associate, you want to know that their systems are sound, so it helps to know that they are held responsible for assessing their risk as well.

More Read

African Conference Highlights Government Subsidized Healthcare Delivery
A Marxist Turned Libertarian on The Health Train
Mark Your Calendar: 2014 ACA Dates to Know
Mobile Health Around the Globe: 10 Best Tools to Boost mHealth Initiatives in Africa: Part II
Teachers Get Free Botox in Buffalo

Breadth of risk extends through communications

A type of breach that can be difficult to remember is that of the unintentionally noncompliant, non-malicious insider. A key area in which that type of breach might occur is within communications, especially marketing.

It is helpful to consider thoughts from the Data & Marketing Association (DMA) on this topic because there are specific considerations for HIPAA compliance related to marketing efforts (such as social media), as with any other communications.

The DMA noted that it is necessary to get signed authorization from patients prior to any communications by the HIPAA-compliant organization that might result in revenue (also called subsidized communications). In other words, marketing requires the express consent of each patient. Healthcare organizations (and business associates that handle protected health information or PHI) can interact with patients through various standard communication channels, though, as long as the healthcare entity is not getting paid by an outside entity to perform the communication (which would classify it as subsidized marketing).

Keeping risk assessment simple

You want to be broadly assessing risk, and you want all the organizations that provide your data services to be carefully assessing risk as well. This whole process becomes simpler when you work with organizations that have an established track record in healthcare IT. It is also helpful, beyond these risk assessments, if business associates have additional third-party security credentials in place, such as a Statement on Standards for Attestation Engagements 18 (SSAE 18; formerly SSAE 16) audit.

Share This Article
Facebook Copy Link Print
Share
By Adnan Raja
Follow:
With over 10 years of experience in marketing and business strategy, Adnan has successfully branded and launched products from concept to marketing to profitable campaigns. He is always looking for innovative, pioneering strategies to grow the business via partnerships and revenue opportunities.

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

9 Lifestyle Tweaks That Can Add Years to Your Life
9 Healthcare Lifestyle Tweaks That can Add Years to Your Life
lifestyle
July 11, 2025
car accident lawsuit
Let Your Lawyer Handle the Work Before You Pay Medical Costs
Policy & Law
July 6, 2025
women dental care
What Is a Smile Makeover and How Much Does It Cost?
Dental health
June 30, 2025
HIPAA-Compliant Messaging Apps
Top HIPAA-Compliant Messaging Apps for Healthcare Teams
Global Healthcare Policy & Law Technology
June 25, 2025

You Might also Like

Choosing a Provider, Ethics, and Playing Darts Blindfolded

July 19, 2013
Hospital AdministrationMedical EducationPublic Health

Why Is There a Critical Shortage of Primary Care Physicians?

April 8, 2014
Image Access - Healthin30 ID-10069354 Post Are Consumers at the Forefront of Digital Technology
BusinesseHealthFinanceSocial Media

Are Healthcare Consumers at the Forefront of Digital Health?

March 26, 2014
BusinessPolicy & Law

Infographic:Pre-Reform Impact of Self-Pay Patients on US Hospitals

April 13, 2012
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?