HIPAA Risk Assessment

HIPAA governs the privacy and security of electronic protected health information (ePHI) handled by health plans, healthcare clearinghouses, and healthcare providers. With the passage of the HITECH Act in 2009, the HIPAA Security and Privacy Rule requirements that already bound these covered entities were extended directly to their business associates (third-party vendors that create, receive, maintain, or transmit ePHI on their behalf). Business associates are now subject to the same security and privacy obligations as covered entities, and to the same civil and criminal penalties. Compliance with these regulations has never been more important for any company doing business in the healthcare industry. The NuvoSys Healthcare IT Assessment provides a comprehensive evaluation of your compliance posture so you can be confident that you and your business associates are secure, protected, and up to date.

Key Areas Covered: ePHI Environment Review, Breach Notification, Encryption Standards, IT Security Recommendations, HIPAA Compliance Policies and Procedures.

NuvoSys follows the seven-step risk mitigation methodology of NIST SP 800-30. The inputs, activities, and outputs of each step are described below.

Step 1. Prioritize Actions
  Input:  Risk levels from the risk assessment report
  Output: Actions ranked from high to low

Step 2. Evaluate Recommended Control Options
  Input:  Risk assessment report
  Evaluation criteria:
  • Feasibility
  • Effectiveness
  Output: List of possible controls

Step 3. Conduct Cost-Benefit Analysis
  Factors considered:
  • Impact of implementing
  • Impact of not implementing
  • Associated costs
  Output: Cost-benefit analysis (NuvoSys assists the client)

Step 4. Select Controls
  Output: Selected controls (chosen by the client)

Step 5. Assign Responsibility
  Output: List of responsible persons

Step 6. Develop Safeguard Implementation Plan
  Plan contents:
  • Risks and associated risk levels
  • Prioritized actions
  • Recommended controls
  • Selected planned controls
  • Responsible persons
  • Start date
  • Target completion date
  • Maintenance requirements
  Output: Safeguard implementation plan (NuvoSys assists the client)

Step 7. Implement Selected Controls
  Output: Residual risks


The overall benefits of this assessment include:

  • Rapid identification of issues
  • Comprehensive testing by elite security professionals
  • Extensive risk analysis for all findings
  • Detailed recommendations that can be used in remediation activities
  • Demonstration of business risk to help senior executives understand the impact security vulnerabilities can have on the business

Within the NuvoSys HIPAA Security Rule Assessment, we created a common controls framework that combines the 300 identified HIPAA controls with other industry best-practice standards. This framework is mapped to the HIPAA Security Rule, the HITECH requirements, the NIST SP 800 series, and ISO 27001, so a single assessment covers all of them. Along with the assessment, NuvoSys also provides a detailed gap analysis and a complete set of policy templates to assist you in your compliance efforts.

HIPAA Reporting and Execution

NuvoSys will provide an in-depth Healthcare IT HIPAA Risk Assessment report designed to give meaning to the data, including a detailed technical report, an executive summary for boardroom action, and a full presentation of the assessment findings. This knowledge transfer ensures a comprehensive understanding of your current compliance state, your risk liability, and the recommendations for improvement.

Compliance is important, but it does not equal security: an organization can satisfy every control on paper and still be exploitable. Additional steps should be taken to ensure the safety of protected health information (PHI). The NuvoSys Healthcare IT Vulnerability Assessment and Penetration Testing services simulate a real attacker to reveal hidden weaknesses in your IT and physical environments that can leave your organization exposed.