Security Risk Assessments

Healthcare professionals throughout the United States have been learning to manage HIPAA compliance for a while now. One component that the healthcare industry must comply with is the Security Risk Assessment (SRA), which must be completed annually. The Security Risk Assessment covers not only your processes and procedures for managing protected health information but also a thorough review of your IT infrastructure, including things such as:

  • Access Controls
  • Business Continuity Procedures
  • Perimeter Security
  • Storage
  • Secure data transmission
  • Patch Management

All of these items and more are critical to the security and privacy of your patients' information. Performing a security risk assessment can be time-consuming and difficult, that is, until now. WavesCo's HIPAA risk assessment team has worked hard to make these assessments as quick and painless as possible so that you can focus on your patients.

What you get

Our risk assessment provides you with a full audit-ready report that explains where you are at risk and what changes you can make to reduce the risks. We will run an analysis of your IT environment, including scans that will help you identify where you have protected health information. When we leave, you can feel confident that you have a plan that will either bring you to compliance or keep you in compliance.

Need more information

Are you a healthcare professional and need more information about WavesCo's HIPAA Security Risk Assessment?

Security Risk Assessment Facts

Who is required to complete an annual SRA

Any organization that maintains, tracks or otherwise has access to protected health data is required to complete an annual SRA. This applies especially to medical professionals such as chiropractors, dentists, general practitioners and other medical specialists.

Are security risk analyses optional for small providers?

This is a question we hear a lot and the answer is no. All providers who are "covered entities" under HIPAA are required to perform a risk analysis. Additionally, any providers who receive EHR incentive payments are required to perform an SRA as well.

EHR vendors are not responsible for compliance

While an EHR vendor may be able to provide information or training on privacy and security aspects relating to their product, they are not actually responsible for making their products compliant with HIPAA Privacy and Security Rules. It is solely the responsibility of the "covered entity" to complete an SRA.