Service Overview Sheets

Risk Assessment


Identify Threats & Vulnerabilities

What to Expect

• Standards align with OCR's expectations, utilizing firsthand experience during audits and investigations
• Not a "check the box" type approach; reports detail actionable next steps and priorities
• Third-party assessment allows for thorough, unbiased review of security programs
• A knowledgeable staff with industry certifications in privacy, security and audit disciplines, and, most importantly, experience in healthcare
• Ability to meet risk analysis requirements and measure against multiple frameworks including HIPAA/HITECH, ISO, NIST, FISMA, FIPS, PCI and more

"A CIO's mission should be to protect patient privacy through the continual improvement of security programs. Having CynergisTek conduct an annual risk assessment supports my team as we work towards this mission by identifying vulnerabilities, analyzing risk, and revealing trends that might have gone unnoticed without them." – Chuck Podesta, CIO, University of California, Irvine

A risk analysis must be conducted or reviewed periodically to meet regulatory requirements, or anytime there is a change in the operating or technical environment. More importantly, a Risk Assessment supports awareness and development of data security programs and results in reduced interruptions due to outages or incidents and better enterprise integrity by methodically addressing remediation.

The CynergisTek Risk Assessment includes the following components:

• Thorough Review of Administrative, Physical and Technical Safeguards
• External Security Assessment
• Wireless LAN Security Validation Architecture Assessment
• Internal Security Assessment
• Information Security Program Assessment
• Meaningful Use EHR Technical Controls Assessment
• Risk Analysis & Profile
