HIPAA Risk Assessment

What is a Risk Assessment?

A Risk Assessment is a thorough look at your workplace to identify the items, situations, processes, etc. that may cause harm to people and/or data. After identification, analysis and evaluation take place to determine how likely and how severe each risk is. Once this determination is made, we generate a “Mitigation Plan” that sets out what measures should be in place to effectively eliminate or control the harm.

Why is a Risk Assessment important?

Risk Assessments are very important because they form an integral part of an occupational health and safety management plan. They help to:

  • Create awareness of hazards and risks.
  • Identify who may be at risk (e.g., employees, cleaners, visitors, contractors, the public, etc.).
  • Determine whether a control program is required for a particular hazard.
  • Determine if existing control measures are adequate or if more should be done.
  • Prevent injuries or illnesses, especially when done at the design or planning stage.
  • Prioritize hazards and control measures.
  • Meet legal or HIPAA requirements where applicable.

Warning: IT Factor has noted that some companies have been performing Risk Assessments in the El Paso area where the result is a single-page document with checkmarks stating that everything has passed the assessment. This is not a valid assessment. An assessment should include all documentation and comes to about 30 pages of information.

Why Choose Us?

IT Factor has performed 100+ HIPAA and Standard Risk Assessments over the past few years. We understand the terminology that comes with performing a risk assessment and reviewing a Policy and Procedures manual. Our risk assessments include:

  • Analysis and Review
  • Risk Analysis and Rating
  • Mitigation Plan and Implementation Plan
  • Disaster Recovery Planning
  • Penetration Testing

Frequently Asked Questions

How long does this process take?

When performing a risk assessment, we will sit with your security official (Owner or Office Manager) and review our questionnaire form. This process will take around 2 hours. Once the questionnaire is complete, we will review all risks. We then generate a mitigation plan and a disaster recovery plan, and perform a penetration test of your network. You will receive all documentation and testing results within 24 hours of the initial meeting.

How often do I need to perform a Risk Assessment?

You should have a risk assessment performed once a year. This is especially true of HIPAA risk assessments. If you are audited, you will have documentation of your progress on your mitigation plans. This shows that you are actively working to resolve the issues found in the original assessment.

What should I have at our first meeting for my Risk Assessment?

Please have your Employee Handbook or Policies and Procedures manual available for review. It can also be sent to us in PDF format via e-mail. If you have had any prior Risk Assessments or Penetration Tests performed, please have that documentation available as well.