HIPAA Risk Assessments are Not Optional

    The end of the year is almost here. If your healthcare organization hasn’t had at least one Security Risk Assessment in the last 12 months, it may be out of compliance. Keeping up with HIPAA and Meaningful Use regulations and requirements can be a huge drain, both financially and emotionally. Small practices generally cite insufficient staff or time: they have to keep the practice running while also researching and writing the required security practices, policies and procedures, and ensuring that staff receive HIPAA training. You’ve been entrusted to care for your patients, and that includes protecting their ePHI. We know it’s overwhelming, and Weston is here to help.


    You can… free up still more of your staff’s time and attempt the security risk assessment yourselves. Be forewarned, though: over 70% of OCR settlement agreements list a failed risk analysis among the findings. A proper security risk assessment is far more than a checklist. It requires a technical background to identify and quantify the attack vectors against your systems and data, in addition to the physical and operational risks.

    Or… save your staff’s time and simply contact Weston. We have over 22 years of experience and specialize in proactively managing technology for healthcare and professional firms. We conduct comprehensive, confidential HIPAA risk assessments for health and medical organizations using a combination of specialized software, on-site observations and interviews with your staff to uncover a broad range of issues.


    Think of the security risk assessment (also commonly called a security risk analysis) as a required “health check-up” for your organization. The first risk assessment creates a baseline and documents the organization’s current status. The outcome of a risk analysis sets a clear path for which policies and procedures need to be in place. It also identifies and prioritizes the physical, technical and environmental risks that need to be addressed, so the largest risks are tackled first to better protect your patients and your practice.

    After your first baseline risk assessment, periodic update assessments should be done. How frequently? Once a year at a minimum, or sooner after an operational or physical change to your practice (a new EHR system, a move, a new location, new staff roles with access to ePHI).


    We are all busy. The last thing you want to deal with is regulations when you would rather be serving your patients. You may not have had the time, or may never have realized all the requirements, or the implications of not being in compliance.

    Don’t risk your business or the reputation you’ve worked so hard to build. Worse, don’t lose your valued patients. The ramifications of not doing a risk assessment, or of falsely attesting that you’ve done one, can be severe.

    Please note: while we’d love to help every practice, there is a limited amount of time before the end of the year. Don’t lose your opportunity to get this HIPAA-required risk assessment at a reasonable price.

    Want to Learn More? Don’t wait until you get audited; by then it will be too late. HIPAA compliance is the law, regardless of the size of your practice. Contact your local Weston office today. We will answer your questions professionally and work with you to schedule an assessment based on your needs.
