Abstract
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule mandates periodic security risk analyses (SRA) to assess compliance. This analysis evaluates threats and vulnerabilities to electronic protected health information (EPHI) and considers all devices connected to a network. While the Security Rule is flexible, small organizations must still adhere to its standards. IT vendors and staff play a crucial role in implementing HIPAA safeguards. Threats and vulnerabilities must be identified to select appropriate safeguards for EPHI. These safeguards include administrative, physical, and technical measures. Addressable specifications should be implemented if reasonable, and documentation of decisions is essential. A Technical Network Assessment (TNA) is recommended to evaluate IT infrastructure security. TNA reports help identify corrective actions to protect EPHI effectively.
Recommended Citation
Cosey, Jennifer (2023) "HIPAA Update: Conducting a Security Risk Analysis," The Journal of the Michigan Dental Association: Vol. 105: No. 8, Article 5.
Available at: https://commons.ada.org/journalmichigandentalassociation/vol105/iss8/5
Included in
Business Law, Public Responsibility, and Ethics Commons, Dental Public Health and Education Commons, Health Law and Policy Commons, Human Resources Management Commons, Leadership Commons