We value your privacy

We use cookies on our website to see how you interact with it. By accepting, you agree to our use of such cookies. Privacy Policy
Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Bring AI-powered execution to GRC tasks. Try Scrut Teammates icon

HIPAA Risk Assessment

An organization’s creation, receipt, maintenance, or transmission of any protected health information (PHI) is subject to potential risks and vulnerabilities, which are the focus of a HIPAA risk assessment.

Because covered businesses and business partners differ in size, complexity, and skills, the U.S. Department of Health & Human Services (HHS) does not establish a specific risk analysis approach. HHS advises that to achieve the goal of a HIPAA risk assessment, a company should:

  • Determine the locations of PHI used for storage, receipt, maintenance, or transmission. Identify and record potential threats and vulnerabilities.
  • Examine the security procedures in place now to protect PHI.
  • Examine how well the current security measures are being used.
  • Analyze the possibility of a threat that was conceivably foreseeable and the probable effects of a PHI breach.
  • Give combinations of vulnerabilities and impacts a risk rating.
  • Keep track of the evaluation and take appropriate action.

HIPAA risk assessments must be periodically reviewed when establishing new work processes or adding new technology.

 

See Scrut in action!

Schedule a Demo