Protect your business by having a specialized IT risk assessment performed.
By law, every health-related entity, and every company that does business with one (including IT service providers, shredding companies, document storage companies, attorneys, accountants, collection agencies, etc.), must have an IT risk assessment performed.
Every major HIPAA data-breach enforcement action, some with penalties over $1 million, has cited the absence of a risk analysis, or an ineffective one, as the underlying cause of the breach.
Your risk analysis must be updated at least annually, and more often if significant changes have occurred that would affect ePHI (electronic protected health information).
Mavidea’s HIPAA Risk Assessment Process
Step 1: External Vulnerability Scan
- Security holes and warnings
- Informational items that can help you make better network security decisions
- A full Nmap scan to check for open ports
Step 2: Internal Network Assessment
- File Scan Report
- User Identification Worksheet
- Computer Identification Worksheet
- Network Share Identification Worksheet
Step 3: Site Interview/Survey
- The on-site survey is an extensive list of questions about physical and technical security whose answers cannot be gathered automatically.
- The survey covers topics such as how facility doors are locked, firewall details, how faxes are managed, and whether servers are on-site or in the cloud.
Step 4: Delivery of Primary & Secondary Documents
- HIPAA IT Policy and Procedures Documentation
- HIPAA Risk Analysis Documentation
- HIPAA Management Plan Documentation
- Evidence of HIPAA Compliance Documentation
- Security Exception Report
- Recommendations based on findings