The HIPAA Security Rule requires that all covered entities
perform an accurate and thorough Risk Analysis (45 CFR 164.308(a)(1)).
This is one requirement that often intimidates practitioners
because it is so vast and vague. Hiring a consultant to
perform this activity can easily run upwards of $12,000-
even for smaller organizations! In response to these issues,
the HIPAA Academy has developed the HIPAAShield Risk Analysis
This online self-assessment tool allows you to complete
this requirement of the Security Rule in less time and for
far less money than other methods. Because the assessment
is free of HIPAA jargon, anyone with a working knowledge
of your organization's business processes can complete it.
The tool is accessible from anywhere in the world at any
time through a Web browser, so it can be completed at the
office or at home in your free time.
Here's how it works:
tool begins by describing the requirements for Risk Analysis
and the HIPAAShield methodology behind the assessment
tool. Risk Analysis requires that you take a critical
look at how your organization functions. This introduction
helps get you in the right frame of mind for the rest
of the analysis.
you complete seventeen threat-related questions. These
questions ask you to evaluate the impact that threatening
events would have on different areas of your business.
Your responses are selected from drop-down lists with
easy-to-understand responses such as high, medium, or
low. These questions are used to evaluate which
types of problems, would be most damaging to your business
group of no more than seventy-five questions are then
presented to evaluate your current business practices
without resorting to confusing or complicated "HIPAA-speak."
These questions evaluate how your organization currently
operates and are used to identify any potential Security
Rule issues. You select the response that most closely
reflects your business practices from a simple drop down
Once completed, HIPAA Academy will deliver:
- A Risk Analysis report explaining the methodology and
the findings based on your responses
- A recommendations and responses log that contains all
action items from the risk analysis report as well as
a place for you to respond to those recommendations and
record any action taken. This serves as a place to coordinate
compliance activities and helps you document your efforts
to become and remain compliant.
For more information about the HIPAAShield Risk Analysis
Tool please contact Bob Matthews at 515.453.8247 x20 or