HIPAA Security Rule Series Part 4: Risk Analysis and Management Plan

Do You Know How to Manage Security Risks to Your HIPAA Compliance?

Download the eBrief - HIPAA Security Rule Series Part 4: Risk Analysis and Management Plan

In our first three eBriefs on the HIPAA Security Rule, we’ve tackled administrative safeguards, physical safeguards, and technical safeguards — of which every healthcare compliance employee needs to have a firm understanding. But what now? What’s a healthcare compliance ninja to do with all that essential knowledge?

If you like to dabble in vegetable gardening, you know that you must be aware of the risks of pesky hornworms and hungry rabbits (and deer!) or your tomatoes, zucchini, and cucumbers are doomed. In the same way, you as a compliance officer need to be aware of the risks to successfully fulfilling the HIPAA Security Rule requirements and to have a plan to manage those threats.

CJ Wolf, MD, explains in our fourth eBrief — “Sometimes entities fail to comprehend their individual accountability to perform an enterprise risk analysis. They may mistakenly believe that an electronic medical records vendor or their contracted IT services are primarily responsible. This is not the case.”

Download our free eBrief, “HIPAA Security Rule Series Part 4: Risk Analysis and Management,” to learn:

  • The consequences of NOT identifying and managing risks
  • The percentage of entities that are sufficiently managing these risks
  • The primary issues that cause entities to miss the mark
  • Why a HIPAA Security Risk Analysis is only the beginning


If you feel like you need help addressing the HIPAA Security Rule, Healthicity’s team can help. Visit our advisory team's page to learn more and get in touch with an expert consultant. 

In our other eBriefs on this series, we covered other essential elements of the HIPAA Security Rule. You can download those in the links below.