The Health Insurance Portability and Accountability Act (HIPAA) Security Rule mandates periodic security risk analyses (SRA) to assess compliance. This analysis evaluates threats and vulnerabilities to electronic protected health information (EPHI) and considers all devices connected to a network. While the Security Rule is flexible, small organizations must still adhere to its standards. IT vendors and staff play a crucial role in implementing HIPAA safeguards. Threats and vulnerabilities must be identified to select appropriate safeguards for EPHI. These safeguards include administrative, physical, and technical measures. Addressable specifications should be implemented if reasonable, and documentation of decisions is essential. A Technical Network Assessment (TNA) is recommended to evaluate IT infrastructure security. TNA reports help identify corrective actions to protect EPHI effectively.
"HIPAA Update: Conducting a Security Risk Analysis," The Journal of the Michigan Dental Association: Vol. 105: 8, Article 5.
Available at: https://commons.ada.org/journalmichigandentalassociation/vol105/iss8/5