Security Risk Assessment
A security risk assessment can be a daunting task. Meaningful Use and HIPAA require you to conduct a Risk Analysis per 45 CFR 164.308 (a)(1)(ii)(A). But if the analysis is not conducted by an information security professional, your organization can still be exposed to threats against your patients’ information. And how do you know what to do after the assessment? BTS uses an unbiased, quantifiable assessment process built on the NIST framework that can be easily repeated year after year. We can help with any remediation efforts including policy and procedure creation, employee training, and more.
Have our experts help you prevent disaster before it occurs.
The consequences and cost of compromised healthcare data can be staggering. In addition to the liability of leaked patient medical records and financial data, compliance certifications can be revoked and substantial fines levied. Reputation damage could be devastating. A Security Risk Assessment (SRA) by BTS will not only help you avoid a security disaster, but also give you the confidence that you are meeting the latest HIPAA, Meaningful Use and MACRA/MIPS Advancing Care requirements. Because BTS works exclusively in healthcare IT security and compliance, engaging us for your SRA not only allows you to focus more on improving patient care, but also assures you that your SRA includes the latest threat, safeguard and compliance considerations.
SRA Essential Components
Our SRA includes a complete examination of these essentials:
- Review of PHI inventory to determine where electronic and other data is located
- Examination of the three safeguards required by 45 CFR 164.308 (a)(1) — administrative, physical and technical, including the latest Omnibus rules. (This is a facet many assessment providers overlook.)
- Assessment of current HIPAA security compliance operations, including safeguards in place, vulnerabilities, and specific threats to safeguards
- Evaluation of existing security policies and procedures
Comprehensive Findings & Recommendations
BTS provides a comprehensive, audit-ready report with findings and recommendations that include detailed vulnerabilities and remediation recommendations. Remediation may include outsourcing disaster recovery, backup and restore processes, information hosting, and perimeter testing.
Of course, your SRA may have unique requirements based upon your particular business. One of BTS’s strengths is our breadth and depth of compliance experience. We can quickly and effectively help you with any specialized SRA need.