Lawmakers had four main objectives in creating the Health Insurance Portability and Accountability Act (HIPAA):
Regulations are deliberately vague on a risk analysis methodology due to the vast differences in the size, capabilities and complexity of Covered Entity operations. However, HHS does provide objectives, which include:
A HIPAA risk assessment is not a one-time requirement, but a regular task necessary to ensure continued compliance, particularly when there are changes to the workforce, work practices or technologies.
Summit’s security team has conducted numerous Security Risk Assessments to review administrative, technical and physical safeguards, identify and document compliance gaps, and provide a roadmap for remediation, based on level of criticality.