Securing electronic protected health information is HIPAA required and essential for community health centers and their patients. The Fisher Consulting Group offers security risk analysis services for ePHI compliance and meaningful use requirements, including assistance with developing and drafting requisite policies. FCG consultants work closely with FQHC confidentiality & Security teams to assist with any questions and to resolve risks and gaps while clinic staff complete the various sections of the SRA tool. This team approach allows for full divergence and working knowledge in this critical area.
The FCG Security Risk Analysis Process
Staff education on the SRA tool
Discuss policy, purpose, scope, and procedure.
Review safeguards, threats, and vulnerabilities
Determine if addressable items are applicable
Utilize the SRA tool to complete the project.
Identify and review risk level impact and likelihood.
Calculate an overall risk score.
Review the completed SRA.
Develop plans and draft policies to prioritize action items.
Address any identified threats and vulnerabilities.
The Security Risk Assessment expires each year. FCG helps clinics establish an SRA infrastructure that can be efficiently reviewed and updated annually.
The Fisher Consulting Group can act as your system administrator to ensure risks and vulnerabilities are minimized.