You are here: WelcomeServices > Risk Analysis

Risk Management services provide your team with expert HIPAA resources to comply with HIPAA & HITECH by ensuring you know where sensitive data reside, the vulnerabilities & threats to that data, and what to do when bad things happen. 


HIPAA Risk Management services include:

  • Risk Assessments
  • Risk Analysis
  • HITECH Breach Management
  • Audit & Monitoring
Learn more about Risk Analysis. 
HIPAA requires a Risk Analysis be accomplished and updated. Risk analysis is the first step in an organization’s Security Rule compliance efforts. Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the organization.  HiPAA HUB can ensure this is accomplished.
The following questions adapted from NIST Special Publication 800-66 are examples organizations could consider as part of a risk analysis. These sample questions are not prescriptive and merely identify issues an organization may wish to consider in implementing the Security Rule.
Have you identified the e-PHI within your organization? 
(This includes e-PHI that you create, receive, maintain or transmit.)
What are the external sources of e-PHI?
(For example, do vendors or consultants create, receive, maintain or transmit e-PHI?)
What are the human, natural, and environmental threats to information systems that contain e-PHI?
HiPAA HUB will provide you with a Current Network Diagram, Network Vulnerability Outline, Application Criticality Matrix, Probable Threat/Impact Matrix (external issues), Vulnerability Matrix (internal issues), ePHI Inventory, Security Risk Matrix, and Remediation Recommendations as part of a typcial engagement.