NOT ELIGIBLE FOR PREMIUM CREDIT

With enforcement of the HIPAA Security Rule starting in 2005, one requirement is that covered entities conduct a security risk analysis, or SRA.  This is a systemic process that identifies potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information, or ePHI. 

This module details what a security risk analysis is as well as the process of conducting how one is conducted.

Learning Objectives: 

1. Explain the significance of conducting an SRA under HIPAA and identify the scope, including all locations, systems, and devices where ePHI is handled.
2. Describe the process of identifying threats and vulnerabilities to ePHI and develop strategies for implementing internal controls and mitigating identified risks.
3. Outline the steps for documenting SRA results, maintaining records for compliance, and updating the SRA regularly and when significant changes occur.

IMPORTANT:

As you begin to develop your practice’s HIPAA Program, it is important to remember it must be customized to your practice’s unique needs and site-specific information. The SVMIC HIPAA Compliance Manual’s policies and procedures are designed to serve as a template for what the practice should be doing.