Certifications & Audits
Risk Analysis
A HIPAA-required assessment of threats and vulnerabilities to ePHI.
A Risk Analysis is a HIPAA Security Rule requirement: an accurate, thorough assessment of the potential threats and vulnerabilities to the confidentiality, integrity, and availability of ePHI.
It is the foundational first step of a compliance program: you cannot protect ePHI appropriately without first understanding where the risks are. The analysis feeds risk management, the ongoing process of implementing safeguards to reduce identified risks to a reasonable level. A missing or inadequate risk analysis is one of the most commonly cited findings in OCR enforcement.