Asureti's HIPAA Risk Assessment methodology is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30, Revision 1, Guide for Conducting Risk Assessments. This includes:
The assessment considers processing, storage, and transmission of ePHI within the environment. The assessment procedures incorporate surveys, interviews, and facilitated discussions with business and IT management members. This helps identify threats and vulnerabilities to ePHI stored and processed by the organization. These procedures also work to identify controls to mitigate the identified concerns.
Asureti conducts interviews with key personnel to determine compliance with defined safeguards and requirements. Together we inspect policies, procedures, and other types of documentation to assist in assessing the controls an organization has in place to meet HIPAA Security Rule requirements. Components include:
This compliance assessment identifies gaps between current policies, procedures, systems, and applications relative to HIPAA Security Rule requirements. Assessment efforts also provide recommendations to assist with the remediation efforts required to achieve HIPAA compliance.
A HIPAA Privacy Assessment based on NIST Privacy Framework and Privacy Risk Assessment Methodology (PRAM) is performed across functions and teams. Asureti utilizes a survey approach to understand the following components across key operational functions/teams. Review, analysis, and discussion of results and follow-up can be a deep dive or a lighter touch, depending on client preference.
Leveraging appropriate tools can streamline processes and reporting for HIPAA compliance programs. Asureti can provide program operations with internal client tools or through the Onspring GRC Platform. Inclusion of a GRC technology: