Amaxx Workers Comp Blog


Conducting an Effective Security Risk Assessment

November 25, 2015 by Kenneth Overton

HIPAA Mandate

Congress initiated health care reform during the Obama Administration to provide people with health insurance throughout their employment (i.e., job after job) and to safeguard their medical data through uniform management of electronically stored data. The Department of Health and Human Services promulgated rules imposing standards, including specifics for managing and protecting health information. The specifics appear as the Health Insurance Portability and Accountability Act (HIPAA). Its Security Rule mandates that those covered by the Act evaluate their health care operation for potential security risk. Healthcare organizations are required to be compliant with HIPAA’s technical, administrative, and physical safeguards. The Office for Civil Rights has provided compliance information.

Methodology for Conducting an Effective Security Risk Assessment

Competing stakeholders use a variety of systems to manage data, store the information, and convey it to users. Classically, these responsibilities have been “delegated” to data managers, but HIPAA stakeholders comprise a much larger concerned group than those who enter or maintain computers and IT data. Security risk can be assigned to multiple stakeholders, but the IT framework must address their access, hardware, software, employee training, and the multiple interfacing business models with their internal processes. Risk assessment commences when the value of data is recognized on each level and the vulnerability of information storage is defined. Managing the identified risks will affect costs, employee productivity, inter-system confidentiality barriers, communication, and decisions about delegating responsibility for continuing risk assessments in the future.

Goals Beyond HIPAA Requirements

Risk assessment may be affected by issues beyond just risk. Those issues may foster additional goals for any assessment. For example, a further goal may be to identify points of noncompliance with existing mandates relating to office administrative protocols, technician and user training in data access and storage, actual technical training of technicians, etc. Another goal may relate to compatibility of data management with licensing requirements, limits based on the cultural folkways of the local region precluding effective risk assessment, legal mandates resulting from a lawsuit, incident, or complaint, etc. The additional goals will help determine whether resources for risk assessment are exclusively in-house or whether external consultants will be required for the risk assessment.

The Initial Assessment

“In broad strokes,” an initial assessment plan will define the present threat status for an organization, provide a framework for development of a continuing risk assessment program, and will typically entail these and additional parameters:

  1. Determine specifics of analysis, e.g., HIPAA requirements, objectives, etc.
  2. List organizational assets, e.g., system components, networking diagrams, physical hardware and equipment, data storage, types of data, software, existing operational protocols, operating security systems, access and authentication procedures, etc.
  3. Determine potential threats to those assets.
  4. Itemize system vulnerabilities, e.g., people, equipment such as Tyvek suits, communications and interfaces, etc.
  5. Determine effectiveness of current security.
  6. Identify specific levels of risk for problems delineated.
  7. Identify interaction effects of organizational assets.
  8. Review and modify organizational operations to eliminate potential internal threats.
  9. Develop a strategy to ameliorate all potential external threats.
  10. Establish a monitoring system and a risk reassessment schedule.

Help in the Process

It is apparent that doing a risk assessment involves collecting a variety of information, in some cases “voluminous” data. A number of resources (e.g., a “governmental consultant,” a “systems academic,” an “IT specialist,” a “safety consultant,” etc.) may assist in completing the risk assessment task. Continuing education programs for a variety of health and safety professional groups continue to offer coursework on performing risk analysis. Businesses focusing on risk assessment vary from engineering groups, to IT groups, to medical schools, to software companies, etc.

Author Kenneth Overton is a risk management consultant and a former construction supervisor with over 10 years of experience in the industry. He specializes in risk analysis and disaster management.

Filed Under: Assessment & Diagnostics
