• Our Outreach
    -Consultations with healthcare professionals
    -Risk Assessment and Review Engagements with both Dental and Medical practices
    -Consultations with many industry consultants and suppliers
  • Findings
    -Inertia on behalf of personnel responsible for risk assessment and reviewRisk Assessment Support
    *untrained, not qualified to do certain tasks, overloaded
    -Providers – think everything is in great shape
  • Easy misconceptions
    -No written or insufficient policies
    -Unable to demonstrate procedures are followed consistently
    -Unaware of risky activity

>ePHi using Outlook
>Unsecured paper files/old hard drives
>No review of logs for intrusions
>No employee screening or terminations discussions
>All staff use the same log-ins and passwords

-Staff unaware of the capabilities of the EHR software
-And lots more

Risk Assessment Support Recommended Solutions

  • 3rd Party Risk Assessment
    -Quick, knowledgeable (HIPAA guidelines/IT/Contingency mgt/process mgt) assessments
    -Produce punch lists of deficiencies
    -Assistance of clear deficiencies, upgrade systems
    -Complete the work that the staff cannot do
  • 3rd Party Periodic Reassessments
  • Manage ongoing compliance with a software solution such as Network Antic’s recommended multiple mandate software.-Set up the all future compliance tasks (check controls, collect and store reports, ensure recurring processes follow policies and procedures) – email, notification engine, dashboards, calendars, etc. Each year’s tasks can be initiated in > 1 hour.
    -System of record to support all compliance activities (questionnaires, contracts, reports, policies, electronic signatures, document versioning)
    -Alerts if compliance tasks are completed on a timely basis (task, resp. party)
    -Contingency management – execute predetermined DR plan with Network Antic’s recommended multiple mandate software.


Additional Resources:

Risk Assessment Support

Understanding HIPAA Security Audit Risks and Myths

Leave A Comment