HIPAA Compliance & Risk Assessment in Chicago

HIPAA Risk Assessment and Compliance

When HIPAA security risk assessments are performed correctly, the organization knows how much to invest in security and can demonstrate that the controls over Protected Health Information (PHI) are “reasonable and appropriate,” which is crucial for HIPAA compliance. Through our HIPAA compliance consulting services, HALOCK guides clients through risk assessments so that they can identify — in a clear, repeatable manner — what parts of their organizations they must prioritize to address both compliance and security.

Our HIPAA risk assessment methodology conforms to ISO 27005 and NIST 800-30, and ensures that the HIPAA requirements for risk assessments are fully met and achieve the following benefits:

  • Information security investments are measurably “reasonable and appropriate” as HIPAA and Meaningful Use require.
  • Information, systems, processes, people and facilities that can create risk are identified and assessed to ensure HIPAA compliance.
  • Risks are prioritized, in part, by the impact that a threat has on the organization and its responsibilities.
  • Information risks are considered in terms of the business mission as well as the organization’s responsibilities to its customers, providing a unified view of risk that aligns with HALOCK’s Purpose Driven Security® approach.

In addition to our HIPAA assessment services, HALOCK offers a full suite of HIPAA security risk treatment programs and HIPAA risk management plans to help you achieve and maintain HIPAA compliance.

HIPAA Risk Treatment

HIPAA security risk assessments are performed to alert management about what could go wrong with PHI and Electronic Medical Records (EMR). Those risks remain a liability unless “reasonable and appropriate” security controls are established to protect that information and keep those controls effective.

Risk treatment is the process for implementing the appropriate information security controls. Using formalized risk management processes, HALOCK helps you determine the appropriate level of risk treatment in a manner that is consistent with the HIPAA security risk assessment and analysis guidance from DHHS, CMS and NIST. In addition, HALOCK’s security engineers work closely with your staff to assist in implementing the appropriate technical solutions to help you achieve your compliance goals.

HIPAA Risk Management

HIPAA compliance is not a point-in-time achievement, but rather a duty of care process that operates over time. To achieve ongoing due careHIPAA risk management is applied. This involves monitoring and correcting security controls so they remain effective at reducing risk.

HALOCK acts as your HIPAA consultant to help establish key processes for monitoring and addressing risks to protected health information (PHI) and the EMR. Our HIPAA risk assessment and management plan ensures that risk owners are accomplishing their assigned tasks; it also provides easily maintained metrics for demonstrating that security and compliance investments are “reasonable and appropriate.” Through Duty of Care Risk Assessment (DoCRA), we help you establish reasonable safeguards based on your organization’s mission, objective and obligations. Learn about Sensitive Data Scanning as part of the process.

Based on ISO 27001 and NIST 800-30, HALOCK’s compliance consulting and risk management methodologies are practical and scalable — and easily applied in most organizations regardless of size or complexity.

Reasonable Security is Now Defined

The Sedona Conference – an influential think tank that advises attorneys, regulators, and judges on challenging technical matters – just released its Commentary on a Reasonable Security Test. The Commentary is the first document of its kind that provides the legal community with a clear definition of a “reasonable” security control.

HALOCK’s Chris Cronin was a co-author of Commentary on a Reasonable Security Test. To learn how to apply the test, contact us.

HALOCK is headquartered in Schaumburg, IL, in the Chicago area and advises clients on reasonable information security strategies throughout the US.

Contact Us