HIPAA SECURITY RISK ASSESSMENT & RISK MANAGEMENT
The Security Rule under HIPAA is complex and detailed. It is triggered if the employer-sponsored health plan has protected health information (PHI) that is created, received, transmitted or maintained in any electronic format (ePHI). The Security Rule provides for administrative, technical, and physical safeguards and their implementation specifications. The first requirement of the Security Rule is that a covered entity or business associate complete an accurate and thorough risk assessment and, based on that risk assessment, develop a risk management plan. This risk assessment is the KEY to successfully developing a risk management strategy. This Security Risk Assessment and Risk Management Plan is part of the solution.
Risk assessments do take time. The tools provided in the marketplace and by the Department of Health and Human Services are tedious, require a lot of writing and are geared towards health care providers.
Medcom Benefit Solutions has created a risk assessment tool for employer-sponsored health plans and their insurance brokers. If you create, receive, transmit or maintain ePHI and have not completed a risk assessment or developed a risk management program, then this tool is for you. It is composed of approximately 220 questions; however, they are in check box format (except for the demographic information). The Security Risk Assessment and Risk Management Plan is divided into two sections.
1. Section 1 is for the Plan Sponsor, privacy officer, or HR professional to complete if you are an employer-sponsored health plan. If you are an insurance broker and your agency is a business associate, then the privacy officer or a designee can complete it. Knowledge of the health plans offered is a “must”.
2. Section 2 is geared towards IT and requires someone with tech knowledge to complete. It does not have to be completed in one sitting.
We do ask that this security risk assessment and risk management plan be completed accurately, as the report generated will be based on your answers. Once completed, the report will be provided to all designated recipients instantaneously via email. The report will serve not only as your accurate and thorough risk assessment, but will form the basis of your risk management plan as well.
Medcom Benefit Solutions will never leave you hanging. This service comes one of two ways. The employer can complete the questionnaire and receive their report; or Medcom will contact the appropriate individuals at your organization, go through the questionnaire with them and complete the form, so there are no concerns of a question being misinterpreted. Your choice, whichever is easier.
In addition, this tool comes with 2 hours of consulting services from one of our HIPAA-certified experts.
This tool is the first and critical step to becoming HIPAA compliant under the Security Rule.






