• Magazine
    • Past Issues
    • Subscribe
    • Change Mailing Address
    • Surveys
    • Guidelines for Authors
    • Editorial Calendar
    • Editorial Deadlines
    • Dynamic Chiropractic
      • Newspaper
      • Subscription
    • The American Chiropractor
      • Magazine
  • Practice
    • Business Tips
    • Chiropractic Schools
    • Clinical & Technique
    • eBooks
    • eCourses
    • Sponsored Content
    • Infographics
    • Quizzes
    • Wellness & Nutrition
    • Personal Growth
    • Podcast
    • Coronavirus (COVID-19)
  • Resource Centers
  • Products & Services
    • Buyers Guide
    • Products Directory
    • Submit a Product
    • Vendor Login
  • Datebook
    • Become an Events Poster
    • Post an Event
    • View Events
  • Jobs
    • Jobs
    • Post a Job
  • Advertise
    • Advertising Information
    • Media Kit
    • Contact Us

Your Online Chiropractic Community

Chiropractic Economics Your Online Chiropractic Community
Subscribe
  • Home
  • Current Issue
  • News
  • Webinars
  • Chiropractic Research
  • Students

Performing a chiropractic security risk assessment

Kaitlin Morrison November 7, 2016

security risk assessment

As a provider of healthcare for patients, your practice is required to ensure that patient data is secure and adequately protected.

Healthcare organizations such as chiropractic practices are regulated by HIPAA and must complete a security risk assessment to look for possible threats to patient information.

If your clinic has not completed a risk assessment yet, here are some tips and more information on this process.

Security assessment and rule basics

HIPAA’s Security Rule requires that covered entities, such as chiropractic practices, complete security risk assessments. In fact, any and all electronic patient health information that your clinic creates, receives from elsewhere, uses, or transmits away from your clinic is subject to the security rule. You are required to not only evaluate your clinic’s risks to patient data, but you are also required to enact reasonable protections to minimize these risks.¹

This rule begins with analysis. Your security risk assessment will help you identify security strengths and weaknesses so that you can sufficiently protect your patients’ information.

As you complete the analysis, you will identify how data is created and used by your clinic. From there, you will look for threats to this data from internal and external sources. You will look at every aspect of data access, creation, and use within your clinic in addition to how data is transmitted outside of your clinic for use or storage.¹

Why security risk assessments are essential

Your security risk assessment will help you correct potential data security problems before they happen. As such, avoiding a risk assessment may result in these threats manifesting themselves.

The assessment process is designed to protect you and your clinic as much as possible. This can help minimize your practice’s liability if the worst happens to your patients’ information.¹

Because the assessment is also required by HIPAA, not completing it violates important healthcare regulations and may result in negative consequences for your practice. The security rule provides specific guidance for conducting a thorough risk assessment, so not doing so would be unwise for your practice.¹

How to assess your own risk

To conduct your own risk assessment, review the security rule and the assessment requirements that apply to your organization. As long as your own assessment method meets security rule standards, you may use your own customized assessment.

Generally speaking, these standards require that your assessment review every aspect of patient data recording, use, access, and transmission. For example, you will be reviewing how staff members in your clinic login and use your EHR, how paper records are handled and stored, what access vendors and consultants have to your patients’ data, and other issues.

You will be looking for ways unauthorized users may try to gain access, considering the possible implications of staff mistakes and reviewing your clinic’s methods for transmitting data to clinical partners. Any situation where patient data is used should be scrutinized very carefully.¹

Although not required, the Office of the National Coordinator for Health Information Technology (ONC) has a downloadable tool available that helps you review your practice’s compliance by asking 156 questions about your clinic. These are straightforward “yes” and “no” questions designed to reveal your practice’s security risks. From there, you can use your answers to suggest areas where you need to improve your patient information security.

Start your security risk assessment

Because risk assessments are such an important prevention strategy, your clinic should make it a priority to review your patient information use. As you conduct your assessment, document each question and answer carefully, providing a plan to address each area of weakness you identify throughout the process.

You may also want to get staff members involved. Your staff may help you identify other issues and solutions, so be sure to ask for their insights.¹

References

¹HHS.gov. “Guidance on Risk Analysis.” U.S. Department of Health & Human Services. http://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html. Accessed: October 2016.

Related Posts

  • PerformTex Tape releases new 3 spray systemPerformTex Tape releases new 3 spray system
  • Chiropractic school cost and the ‘big 3’ issues that keep colleges strugglingChiropractic school cost and the ‘big 3’ issues that keep colleges struggling
  • Improve your immune system with diet, augmented by chiropractic careImprove your immune system with diet, augmented by chiropractic care
  • Life University Hosts American Black Chiropractic Association Eastern Regional ConventionLife University Hosts American Black Chiropractic Association Eastern Regional Convention
  • Chiropractic and Children
  • Parker University receives John W. Nason Award for Board LeadershipParker University receives John W. Nason Award for Board Leadership

Filed Under: Practice Management Software, Resource Center

Current Issue

CE issue 2 cover

Follow Us

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn
  • YouTube logoYouTube logoYouTube

Compare Subscriptions

Dynamic Chiropractic

The American Chiropractor

3948 3rd Street South #279,

Jacksonville Beach, FL 32250

Phone 904.285.6020

CONTACT US »

Privacy Policy & Terms of Service

Copyright © 2021, All Rights Reserved

SUBSCRIBE TO THE MAGAZINE

Get Chiropractic Economics magazine
delivered to your home or office. Just
fill out our form to request your FREE
subscription for 20 issues a year,
including two annual Buyers Guides.

SUBSCRIBE NOW »

Latest Chiropractic News

  • Foundation for Chiropractic Progress’ Podcast Wins Gold in the AVA Digital Awards
    Foundation for Chiropractic logo
  • Foot Levelers Names Jamie Greenawalt as President, Signifies a New Era of Growth for the World’s Leading Provider of Flexible Custom-Crafted Orthotics
  • Logan University names Petrocco-Napuli new dean for college of chiropractic