What is an SRA?
The Security Risk Analysis (SRA) is a Health Information Portability and Accountability Act (HIPAA) requirement, and CMS also requires it for both Meaningful Use and the Merit-based Incentive Payment System (MIPS). However, the most important reason to do an SRA is to keep your patients' Protected Health Information (PHI) safe. An SRA has to be conducted annually to be compliant with HIPAA and CMS requirements.
The information stored in your Electronic Health Record (EHR) is very attractive to hackers. Your EHR has everything hackers need for identity theft, all in one place. Steps to ensure the safety of your patients' PHI include:
- Conduct a vulnerability assessment on your network annually
- Follow security best practices for securing your network
- Ensure that your security policies define the proper procedures for handling PHI and patients
- Evaluate your physical security to ensure it limits access to your network equipment
An SRA conducted by GCREC does all of the above. The SRA Package given at the completion of our assessment includes:
- SRA report – describes your current network configuration along with your risks and potential exposures, and gives recommendations on how to mitigate them
- SRA tool – displays how your risks and potential exposures were determined
- Action Plan – lists all of the risks and potential exposures, and can be used to keep track of the steps of your mitigation process
- Security Policy Guide – can be used to create your own security policies or to ensure your existing security policies include all areas required by HIPAA
Please contact GCREC if you are interested in securing your network and your PHI.
HIPAA Training Course
The Gulf Coast Regional Extension Center (GCREC) HIPAA Training course will give participants the knowledge required to handle patients and Protected Health Information (PHI) in accordance with the Privacy and Security directives of HIPAA (Health Information Portability and Accountability Act). HIPAA Training is for anyone who handles PHI and is required every two years to be in compliance with HIPAA directives.
- Introduction to the HIPAA Privacy Rule
- Definition of Protected Health Information
- Covered Entities and Business Associates
- Authorized Use & Disclosure of PHI
- Privacy Practices
- Patient Rights
- Breach Notification Rule
- OCR Audits
- Introduction to the HIPAA Security Rule
- Physical Security
- Technical Security
- Administrative Security
- Workforce Clearance Procedure
Our course offers several benefits, including:
- Open Registration
- 100% online instruction
- Self-paced course with a two-month timeframe for completion
- Certificate of Completion provided
- In compliance with HIPAA Training requirements for two years
Discounted group rates are available; please contact us for more information.