Assessing the privacy and security risk of an organization must be ongoing and entails a
multi-step and interdisciplinary process. A privacy and security risk assessment includes a
thorough assessment and analysis of the administrative, technical and physical safeguards of an
organization. Choosing an experienced and knowledgeable informatics team that is aware of the
current federal regulations regarding safeguarding the electronic health record must be of the
highest priority.
The first step for the Privacy and Security Assessment for the organization begins with
identifying employees and business associates who are a part of the security safeguards of the
organization and how this meets the HIPAA regulations. The next step involves assessing the
administrative, technical and physical security safeguards that are already in place for the
organization. Then, utilizing an administrative, technical and physical security risk assessment
tool that assigns risk scores based on criteria met, scoring is completed. Such scoring results in a
low, medium or high risk impact. Part of the risk assessment involves assessing how electronic
includes identifying employees who have access to e-PHI and their level of access. This method
allows for identifying potential areas that may result in a breach of information. With such a
potential for a breach of information, assessment is done to review the organization’s knowledge
of proper procedures for the reporting of such breaches, depending on the number of individuals
involved.
presented, along with the informatics team’s recommendation for addressing current issues and
prevention of any future occurrences. Any questions that may arise from the organization or the
informatics team can be answered with an open dialogue. This step-by-step manner of assessment
allows the organization and the informatics team to work in collaboration not only in
identifying potential areas of security threats but also in constructing solutions that have far