Security Risk Assessment

A Security Risk Assessment (SRA) is a standard annual requirement for all eligible health care entities due to HIPAA Meaningful Use requirements. The Merit-Based Incentive Payment System, used for Medicare/Medicaid payment processing for healthcare entities, requires SRAs to be performed in order to receive the best possible service reimbursement rates. SRAs are required for all providers, large or small, and can be complex and time-consuming. Yeo & Yeo provides this service directly at a reduced cost.

Our approach to SRAs is less invasive and requires minimal assistance from your staff. We provide you with a comprehensive report including all compliance documents, as well as a detailed review of your report that outlines your risk factors and next steps. Contact us if you are interested in a quote for your annual SRA.

What is a Security Risk Assessment?

Yeo & Yeo's SRA is divided into two main components:

  1. Risk Analysis is performed by conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic patient health information (ePHI) held by a covered healthcare entity or business associate.
  2. Risk Management is performed by implementing security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with HIPAA requirements. YYCC will provide both required points of an SRA with minimal impact on the health care entity’s office and personnel.

Security Risk Assessment Checklist 

  • Assessments cover all 72 HIPAA Security Safeguards as defined by the Office of Civil Rights, detailed in the HIPAA Audit Protocol

  • On-site Assessment of Specific Safeguards
    • Assessment of HIPAA information technology compliance
    • Assessment of HIPAA business security practices
  • Compliance Report Portfolio Delivery
    • HIPAA Policy and Procedures
    • HIPAA Risk Analysis
    • HIPAA Management Plan
    • Evidence of HIPAA Compliance Report
    • Security Exception Worksheet and other documentation
  • Findings Analysis Meeting 
    • Review reports and documentation
    • Determine areas of highest impact

Contact us for an SRA quote.
