Under the HIPAA Security Rule, Covered Entities (CE’s) are required to conduct an accurate and through analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI (Electronic Patient Health Information). The Security Risk Analysis is mandatory for any organization that accesses ePHI. On completion of a Security Risk Analysis, you must take any additional “reasonable and appropriate” steps to reduce identified risks to reasonable and appropriate levels.

What is Included in Our HIPAA Compliance Program?
  • Onsite technician to conduct a 132-point thorough assessment
  • Identification of all risk areas and consultation on how to mitigate Medium & High Risks
  • Quarterly trainings for your HIPAA Compliance Officer via webinar with our training experts
  • Annual trainings for all staff members to meet government regulations, via webinar with our training experts
  • Quarterly network scans for intrusion detection
  • 65 Page HIPAA Manual for corporate use
  • Creation of necessary policies and procedures, such as Business Resumption Plans
  • Consultation services with our North Shore HIPAA experts to discuss ongoing compliance
Frequently Asked Questions:

What Will North Shore do?

North Shore Solutions will send a technician onsite to review the existing security infrastructure in your medical practice against legal requirements and industries best practices. A North Shore HIPAA Risk Consultant will identify potential threats to patient privacy and security and assess the impact on the confidentiality, integrity and availability of your e-PHI. The Risk Consultant will also prioritize risks based on the severity of their impact on your patients and practice. In addition, a HIPAA Risk Analysis Manual (60-80 pages) – tailored to your practice – will be sent to the dedicated HIPAA Security Officer.

Is the security risk analysis optional?

No! Failure to comply and have a thorough Risk Analysis performed is a major HIPAA violation. All Covered Entities are required to have a Risk Analysis performed if they have access to ePHI. Also, all providers who are participating in the Meaningful Use Program are considered to be high risk and have increased chances of being audited for compliance.

Will a checklist stand up to a government audit?

Checklists fall short of performing a systematic security risk analysis or documenting that one has been performed.

Do I only need to have the risk analysis performed once?

a.       To comply with regulations, you must continue to review, correct or modify, and update security protections at a minimum of every three years. Due to continually growing cyber threats and attacks, we recommend to perform the Risk Analysis annually.

Before I attest for an EHR incentive program, do I have to fully mitigate all risks?

No, but a plan must be in place to correct any identified deficiencies during the reporting period as part of the risk management process. Documented ongoing compliance is essential for passing a HIPAA or Meaningful Use audit.

Ready to get started? Contact Us