top of page

BreachRisk™ Use Case:

HIPAA Security Rule Compliance

healthcare, compliance, high impact

Tags:

Type

1st-Party

Key Roles

Risk Manager, CEO, CFO, Chief Risk Officer

Key Feature Aspects:

fair, easy, affordable, enterprise risk management

About this Use Case

 LIVING DOCUMENT

Progress Updated Periodically

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.1 To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.

BreachRisk can help applicable organizations identify anticipated threats, verify the confidentiality of some of e-PHI, and anticipate possible disclosure incidents. It can also support the The Administrative Safeguards provisions in the Security Rule to providing risk analysis and supporting risk management.

Success Summary

Why BreachRisk™ is a good fit

BreachRisk directly satisfies the need to analyze risk and identify threats. It can also support verification of confidentiality. Healthcare organizations tend to be very resource-constrained, so the automated delivery of BreachRisk helps alleviate manpower concerns that might typically accompany satisfying the security rule.

Barriers or misconceptions

Many healthcare organizations don't know what they don't know. But also many tend to have a very high number of risks. Once risks are identified, the organization may struggle to take mitigation actions due to resource constraints.

Key outcomes

Healthcare organizations satisfy these HIPAA requirements easily, but - more importantly - they enter a new standard of care in identifying and avoiding breaches.

Discussion

We have customers actively engaged in this use case. We'll provide more information soon.


For more information about the HIPAA security rule, please reference this article from HHS.gov.

bottom of page