Security Risk Analysis PrivaGuide
A Security Risk Analysis is the heart of your HIPAA compliance efforts. Build an inventory of PHI and review your technical safeguards with these risk analysis steps.
Security Risk Analysis PrivaGuide Overview
A Security Risk Analysis is an assessment of various risks or threats to the confidentiality, integrity, and availability of…
Perform a Security Risk Analysis Walkthrough
Why Do You Need a Risk Analysis? According to the HIPAA Security Rule, each Covered Entity must conduct a formal risk…
Physical Security Checklists
💡 PrivaPlan Guidance: Depending on the type and size of your organization some of the questions may not apply…
External Doors, Locks & Keys Checklist
Create a Keys & Alarm Inventory Access controls ensure that only those persons with proper authorization have access to…
Facility Repairs & Modifications Checklist
🔲 Do you document repairs and modifications made to the facility? Especially when related to the security of the…
Security Alarms & Surveillance Checklist
🔲 Is there an alarm? 🔲 Are there codes? If so, how many digits? 🔲 How often are codes…
Security & Security Incidents Checklist
🔲 Are there security guards or a contracted security firm? 🔲 If so, how often are they onsite? 🔲…
Patient & Visitor Security Checklist
Now it’s time to review your waiting room and front office area. Look at the check-in process through a…
Workstation Proximity & Security Checklist
💡 PrivaPlan Guidance: Identify all workstations in your organization including computers, laptops, and mobile devices. Review the position of workstations,…
Paper PHI Security & Shredding Checklist
💡 PrivaPlan Guidance: It is best practice to have a defined workflow for paper PHI. 🔲 Do you have…
Technical Security Checklists
💡 PrivaPlan Guidance: Part of a Security Risk Analysis is to identify all equipment that creates, maintains, receives, and transmits…
Workstation Security Checklist
Note: Workstations include laptops or tablets. 🔲 What kinds of workstations are being utilized? Examples: desktops, laptops, tablets, smartphones 🔲…
Laptops & Mobile Devices Checklist
🔲 Are there any laptops or mobile devices in use? 🔲 Are laptops and mobile devices encrypted? 🔲 Are…
Medical and/or Peripheral Devices Checklist
💡 PrivaPlan Guidance: As you evaluate your security risks and what items need to have restricted access keep in…
Work From Home Workstations Checklist
💡 PrivaPlan Guidance: Work From Home (WFH) introduces risks that are not present at the office. The physical security as…
Data Handling & Backups Checklist
🔲 Are workstations configured to store information on a central server or a cloud service that is reliably backed…
Disposal & Reuse Checklist
🔲 Is there a log of all devices, including medical devices that collect and store ePHI such as Ultrasound machines?…
Network Checklist
🔲 Do you have an Internet service provider? 🔲 Is it used for Internet access as well as point to point…
Security Risk Contingency Planning Checklists
💡 PrivaPlan Guidance: Depending on the type and size of your organization some of the questions may not apply…
Security Policies & Procedures Checklist
🔲 Have you assigned workforce members to an incident response team? Including who will provide direction during an emergency…
Security & ePHI Checklist
🔲 Have you identified which ePHI systems are required to maintain business operations in the event of an emergency? 🔲…
Server & Software Checklist
🔲 Is there a computer server? 🔲 If so, evaluate its location: Is the location secure and separately locked or…
Create a Threats, Vulnerabilities & Criticality Chart
Content will be available soon!
Implementing the Security Rule
Content will be available soon!
Glossary of Security Risk Analysis Terms
Administrative Security: The typically manual activities and management constraints, operational procedures, accountability procedures, and other supplemental controls established to…