It is no secret that a medical practice’s electronic health record data is an attractive target for hackers. The FBI stated in, “Cyber criminals are selling the information on the black market at a rate of $50 for each partial EHR, compared to $1 for a stolen social security number or credit card number.” Even so, small- to medium-sized medical practices in particular notoriously invest far less than recommended in cybersecurity protections, and end up victims of a data breach or a ransomware attack.
The Office for Civil Rights (OCR) within the Department of Health and Human Services and the Office of the National Coordinator (ONC) for Health Information Technology created a HIPAA Security Risk Assessment Tool in response to a rise in data security breaches. This tool is completely free of charge to medical practices, and guides practice leaders through a list of measures and questions that help identify weaknesses in a practice’s IT operations.
You may access the tool by clicking here:
Easily navigable and user-friendly, the HIPAA Security Risk Assessment platform guides you through basic assessment questions after you first enter your practice information. Next, you will be prompted to enter your assets, vendors, and documents through an easy-to-use template. You will then reach the Assessment section, where you proceed through the 7-section Q&A portion to assess and analyze your practice’s risk. A help and reference section on the right side of your screen is available at any time for more information on how to fill out the assessment. For each subject, you will be prompted to analyze and determine whether your practice’s risk is Low, Medium, or High, and the impact a breach would have on your practice. After completing sections 1-7, you will move on to the summary section of the assessment. The summary portion details your risk score, a risk assessment summary, areas of concern for review, and a vulnerabilities score.
You will be able to export the Security Risk Assessment Tool Summary to a PDF to share with your IT Partner. At this point, your IT Partner should advise you and your practice on how to address your vulnerabilities and safeguard your systems and data. To learn more about why cyber liability insurance can be critical for Independent Healthcare Practices, click the previous link.