The first step in performing a HIPAA security risk assessment is to be sure you understand what Protected Health Information (PHI) your practice has.
Here’s how Wikipedia defines PHI: “Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that is linked based on the following list of 18 identifiers must be treated with special care:
Next, build a list of all of the places you store PHI. Here are common places we’ve seen at other clients:
Get some free help! Check out our free 42-Point Checklist for ways to make your practice HIPAA compliant.