The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that Covered Entities and their Business Associates conduct a thorough and comprehensive Security Risk Analysis annually. This is to ensure the Confidentiality, Integrity and Availability of the organization’s systems, network and data are secure, and to prevent unauthorized access to protected data (PHI).

When conducting a comprehensive Security Risk Analysis address the Physical, Technical and Administrative Safeguards of the organization.

For more information on HHS Office for Civil Rights:

Guidance on conducting a Risk Analysis

Security and compliance are first and foremost in the management of our clients' systems. After conducting thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!

Dawn Meglino
HIPAA Compliance Office
StratX IT Solutions