HIPAA Academy.Net
HIPAA Academy / Consulting / HIPAA Risk Analysis: HIPAAShield™ Risk Analysis Tool
HIPAAShield™ Risk Analysis Tool

The HIPAA Security Rule requires that all covered entities perform an accurate and thorough Risk Analysis (45 CFR 164.308(a)(1)).  This is one requirement that often intimidates practitioners because it is so vast and vague.  Hiring a consultant to perform this activity can easily run upwards of $12,000- even for smaller organizations! In response to these issues, the HIPAA Academy has developed the HIPAAShield™ Risk Analysis Tool.

This online self-assessment tool allows you to complete this requirement of the Security Rule in less time and for far less money than other methods.  Because the assessment is free of HIPAA jargon, anyone with a working knowledge of your organization's business processes can complete it.  The tool is accessible from anywhere in the world at any time through a Web browser, so it can be completed at the office or at home in your free time.

Here's how it works:

  1. The tool begins by describing the requirements for Risk Analysis and the HIPAAShield™ methodology behind the assessment tool.  Risk Analysis requires that you take a critical look at how your organization functions.  This introduction helps get you in the right frame of mind for the rest of the analysis.

  2. Next, you complete seventeen threat-related questions.  These questions ask you to evaluate the impact that threatening events would have on different areas of your business. Your responses are selected from drop-down lists with easy-to-understand responses such as high, medium, or low.  These questions are used to evaluate which types of problems, would be most damaging to your business and patients.

  3. Another group of no more than seventy-five questions are then presented to evaluate your current business practices without resorting to confusing or complicated "HIPAA-speak." These questions evaluate how your organization currently operates and are used to identify any potential Security Rule issues.  You select the response that most closely reflects your business practices from a simple drop down list.

Once completed, HIPAA Academy will deliver:

  • A Risk Analysis report explaining the methodology and the findings based on your responses
  • A recommendations and responses log that contains all action items from the risk analysis report as well as a place for you to respond to those recommendations and record any action taken.  This serves as a place to coordinate compliance activities and helps you document your efforts to become and remain compliant.

For more information about the HIPAAShield™ Risk Analysis Tool please contact Bob Matthews at 515.453.8247 x20 or Bob.Matthews @HIPAAacademy.Net.