St. Louis Healthcare IT Solutions

Healthcare professionals throughout the United States have been learning to manage HIPAA compliance to adhere to industry requirements. One component that the healthcare industry must comply with is the Security Risk Assessment (or SRA), which must be completed annually. The Security Risk Assessment includes not only your processes and procedures for managing protected health information but also a thorough review of your IT infrastructure, including areas such as:

  • Access Controls
  • Business Continuity Procedures
  • Perimeter Security
  • Storage
  • Secure data transmission
  • Patch Management

All of these issues are critical to the security and privacy of your patients' information, and performing a security risk assessment can be time-consuming and difficult. Wheelhouse Solutions' HIPAA risk assessment team has worked hard to make these assessments as quick and painless as possible, so that you can focus on your patients.

What you get

Our risk assessment provides you with a full, audit-ready report that explains where you are at risk and what changes you can make to reduce those risks. We will run an analysis of your IT environment, including scans that will help you identify where you have protected health information. When we leave, you can feel confident that you have a plan that will keep you in compliance.

Security Risk Assessment FAQs

Who is required to complete an annual SRA?

Any organization that maintains, tracks or otherwise has access to protected health data is required to complete an annual SRA, particularly medical professionals such as chiropractors, dentists, general practitioners and other medical specialists.

Is Security Risk Analysis optional for small providers?

In a word: no. All providers who are "covered entities" under HIPAA are required to perform a risk analysis. Additionally, any providers who receive EHR incentive payments are required to perform an SRA as well.

Is it true that EHR vendors are not responsible for compliance?

While an EHR vendor may be able to provide information or training on the privacy and security aspects of their product, they are not actually responsible for making their products compliant with HIPAA's Privacy and Security Rules. It is solely the responsibility of the "covered entity" to complete an SRA.

© Copyright 2017 by Wheelhouse Solutions. All Rights Reserved.

Wheelhouse Solutions

119 S Main Street
St Charles, Missouri 63301
Phone: 314-492-2506