HIPAA Self-Risk Assessments

Covered entities, business associates, and subcontractors can identify key areas of risk and remedy them through practical guidance and best practices based on HIPAA privacy and security standards.

For Covered Entities and Business Associates

A risk assessment is the principal mechanism used to measure the quality and effectiveness of a healthcare organization’s risk management process and compliance controls, and to verify that the organization is meeting federal privacy and security regulations. It is a requirement under the HIPAA Security Rule, as well as for meeting Meaningful Use core measures. The HIPAA Omnibus Final Rule now extends provisions of the Privacy and Security Rule to business associates (including subcontractors who qualify as business associates).

Kroll offers a HIPAA Self-Risk Assessment (HSRA) for covered entities and a separate assessment specific to business associates and their subcontractors (BA HSRA). These tools provide a thorough and comprehensive assessment of privacy and security controls, augmented with Kroll’s unique capabilities and end-to-end approach to information security.

The self-guided questionnaires, delivered on Kroll’s secure Client Portal, are intended to aid covered entities, business associates, and subcontractors in identifying key areas of risk and remedying them through practical guidance and best practices. Both are based on HIPAA privacy and security standards; implementation specifications; the recent HIPAA Omnibus Final Rule issued to modify HIPAA Privacy, Security, and Enforcement Rules; and guidance from the National Institute of Standards and Technology (NIST), Special Publication 800-66. All referenced assessment guidance documents are also found within the tools.

Both assessments include a preparatory guide, questions to gauge compliance with the Privacy and Security rules, a final report, and self-attestation documentation. The documentation is intended to assist in attesting that the organization has conducted required HIPAA assessments and, for covered entities, eligibility for the CMS Meaningful Use incentives. The assessment may be taken repeatedly during a twelve-month period. Clients also have access to regulatory guidance and industry best practice material available through the portal.

If you are a covered entity, business associate, or subcontractor concerned about privacy and security requirements, find out how Kroll’s HIPAA Self-Risk Assessments could benefit your organization. Call us at 1.866.419.2052 or complete the forms below to have a member of our team contact you with details.