HIPAA Risk Assessment and Security Rule
This HIPAA Risk Assessment and Security Rule Assessment Playbook is based on the U.S. Department of Commerce NIST Special Publication 800-66 Revision 1 - Health Insurance Portability and Accountability Act (HIPAA).
A covered entity is required to comply with all “standards” of the Security Rule and “required” implementation specifications with respect to all electronic private health information (EPHI). For “addressable” implementation specifications, covered entities must perform an assessment to determine whether the implementation specification is a reasonable and appropriate safeguard for implementation in the covered entity’s environment. Covered entities are required to document these assessments and all decisions. The HIPPA Playbook facilitates this process.
The HIPAA Risk Assessment and Security Rule Assessment Playbook addresses the following:
- HIPAA Security Rule – Risk Assessment
- HIPAA Security Rule – Administrative Safeguards
- HIPAA Security Rule – Physical Safeguards
- HIPAA Security Rule – Technical Safeguards
- HIPAA Security Rule – Organizational Requirements
- HIPAA Security Rule – Policies and Procedures and Documentation Requirements Document the Risk Assessment Results