All of these issues are critical to the security and privacy of your patients' information, and performing a security risk assessment can be time-consuming and difficult. Wheelhouse Solutions' HIPAA risk assessment team has worked hard to make these assessments as quick and painless as possible, so that you can focus on your patients.
Our risk assessment provides you with a full, audit-ready report that explains where you are at risk and what changes you can make to reduce those risks. We will run an analysis of your IT environment, including scans that will help you identify where you have protected health information. When we leave, you can feel confident that you have a plan that will keep you in compliance.
Who is required to complete an annual SRA?
Any organization that maintains, tracks or otherwise has access to protected health data is required to complete an annual SRA, particularly medical professionals such as chiropractors, dentists, general practitioners and other medical specialists.
Is Security Risk Analysis optional for small providers?
In a word: no. All providers who are "covered entities" under HIPAA are required to perform a risk analysis. Additionally, any providers who receive EHR incentive payments are required to perform an SRA as well.
Is it true that EHR vendors are not responsible for compliance?
While an EHR vendor may be able to provide information or training on the privacy and security aspects of their product, they are not actually responsible for making their products compliant with HIPAA's Privacy and Security Rules. It is solely the responsibility of the "covered entity" to complete an SRA.