Chiropractic Economics Your Online Chiropractic Community

Performing a chiropractic security risk assessment

Kaitlin Morrison November 7, 2016

As a provider of healthcare for patients, your practice is required to ensure that patient data is secure and adequately protected.

Healthcare organizations such as chiropractic practices are regulated by HIPAA and must complete a security risk assessment to look for possible threats to patient information.

If your clinic has not completed a risk assessment yet, here are some tips and more information on this process.

Security assessment and rule basics

HIPAA’s Security Rule requires that covered entities, such as chiropractic practices, complete security risk assessments. In fact, any and all electronic patient health information that your clinic creates, receives from elsewhere, uses, or transmits away from your clinic is subject to the Security Rule. You are required not only to evaluate your clinic’s risks to patient data but also to enact reasonable protections to minimize these risks.¹

This rule begins with analysis. Your security risk assessment will help you identify security strengths and weaknesses so that you can sufficiently protect your patients’ information.

As you complete the analysis, you will identify how data is created and used by your clinic. From there, you will look for threats to this data from internal and external sources. You will look at every aspect of data access, creation, and use within your clinic in addition to how data is transmitted outside of your clinic for use or storage.¹

Why security risk assessments are essential

Your security risk assessment will help you correct potential data security problems before they happen. As such, avoiding a risk assessment may result in these threats manifesting themselves.

The assessment process is designed to protect you and your clinic as much as possible. This can help minimize your practice’s liability if the worst happens to your patients’ information.¹

Because the assessment is also required by HIPAA, not completing it violates important healthcare regulations and may result in negative consequences for your practice. The security rule provides specific guidance for conducting a thorough risk assessment, so not doing so would be unwise for your practice.¹

How to assess your own risk

To conduct your own risk assessment, review the security rule and the assessment requirements that apply to your organization. As long as your own assessment method meets security rule standards, you may use your own customized assessment.

Generally speaking, these standards require that your assessment review every aspect of patient data recording, use, access, and transmission. For example, you will be reviewing how staff members in your clinic log in to and use your EHR, how paper records are handled and stored, what access vendors and consultants have to your patients’ data, and other issues.

You will be looking for ways unauthorized users may try to gain access, considering the possible implications of staff mistakes, and reviewing your clinic’s methods for transmitting data to clinical partners. Any situation where patient data is used should be scrutinized very carefully.¹

Although its use is not required, the Office of the National Coordinator for Health Information Technology (ONC) has a downloadable tool available that helps you review your practice’s compliance by asking 156 questions about your clinic. These are straightforward “yes” and “no” questions designed to reveal your practice’s security risks. From there, you can use your answers to identify areas where you need to improve your patient information security.

Start your security risk assessment

Because risk assessments are such an important prevention strategy, your clinic should make it a priority to review your patient information use. As you conduct your assessment, document each question and answer carefully, providing a plan to address each area of weakness you identify throughout the process.

You may also want to get staff members involved. Your staff may help you identify other issues and solutions, so be sure to ask for their insights.¹

References

¹HHS.gov. “Guidance on Risk Analysis.” U.S. Department of Health & Human Services. http://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html. Accessed: October 2016.
