Security Risk Analysis

Certification and Regulatory Compliance

An accurate assessment of potential risks is essential to your entity’s health in relation to ongoing compliance with information security regulations and standards. Whether you’re a covered entity or business associate subject to HIPAA, or an organization looking to certify for ISO or SOC, Apgar & Associates, LLC’s Security Risk Analysis (SRA) services help your organization reduce the risk of non-compliance with Security Rule requirements, meet MACRA requirements for an SRA, and protect you from other threats such as legal risk and other tangible and intangible costs. The security risk analysis is also an essential step in checking the strength of your security program and preparing for ISO or SOC 2 certifications.

The HIPAA Security Rule: A reminder

If you use, disclose or store ePHI (electronic Protected Health Information), HIPAA’s Security Rule mandates that covered entities and business associates periodically conduct a Risk Analysis. The Security Rule describes the Risk Analysis as including “an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic Protected Health Information.”[1] This mandate also applies to non-electronic PHI per the HIPAA Privacy Rule.[2]

Security Risk Analysis Activities

Whether you’re a hospital preparing for an OCR HIPAA audit or an organization preparing for SOC 2 certification, the SRA cycle is surprisingly similar:

[Figure: Risk Analysis Cycle]

  • Prioritized asset inventory review
  • Threat and vulnerability identification
  • Existing security control evaluation
  • Impact and cost assessment

Security risk analysis techniques are applicable across industries and sectors. Once your risk analysis is complete, we classify and identify your risks as high, medium or low. You then receive a Risk Analysis Report to use as a tool to plan risk mitigation and present strategies to senior management. We’ve also provided Simplified Risk Analysis guidelines here.

Turn Security Risk Results into Risk Mitigation & Management

After the Risk Analysis, Apgar & Associates can help you turn the results into a Risk Management action plan, which will allow you to move your entity from risk-vulnerable to risk-managed, using step-by-step risk mitigation activities.

Apgar & Associates’ privacy and security experience stems from years of working with covered entities and business associates, financial firms and digital application developers, from single professional offices to multi-national corporations.

For more information about our Risk Analysis services, contact us via email or at 503.384.2538.

[1] 45 CFR 164.308(a)(1)
[2] 45 CFR 164.530(c)

Testimonials

"Simply, Chris is one of the country's top, most trusted, reliable and knowledgeable privacy and security compliance experts. He's also worked on multiple audio conferences and webinars with me for HCPro and consistently earns high praise from listeners in post-show surveys."

Dom Nicastro
HCPro

Mailing & Office Address

Apgar and Associates, LLC
P.O. Box 80278
Portland, OR 97280
p 503-384-2538
p 877-376-1981

Office Address

7100 SW Hampton St.
Suite 137
Tigard, OR 97223