Вы находитесь на странице: 1из 2

Quality 1

Quality and Regulatory Outcome

Assessing the privacy and security risk of an organization must be ongoing and entails a

multi-step and interdisciplinary process. A privacy and security risk assessment includes a

thorough assessment and analysis of the administrative, technical and physical safeguards of an

organization. Choosing an experienced and knowledgeable informatics team that is aware of the

current federal regulations regarding safeguarding the electronic health record must be of highest


The first step for the Privacy and Security Assessment for the organization begins with

identifying employees and business associates that are a part of the security safeguards of the

organization and how this meets the HIPAA regulations. The next step involves assessing the

administrative, technical and physical security safeguards that are already in place for the

organization. Then, utilizing an administrative, technical and physical security risk assessment

tool that assigns risk scores based on criteria met, scoring is completed. Such scoring results in a

low, medium or high risk impact. Part of the risk assessment involves assessing how electronic

protected health information (e-PHI) is transmitted. Reviewing how e-PHI is transmitted

includes identifying employees who have access to e-PHI and their level of access. This method

allows for identifying potential areas that may result in a breach of information. With such a

potential for a breach of information, assessment is done to review the organization’s knowledge

of proper procedures for the reporting of such breaches, depending on the number of individuals


After the assessment is completed, a summary of security strengths and weakness is

presented, along with the informatics team’s recommendation for addressing current issues and

prevention of any future occurrences. Any questions that may arise from the organization or the
Quality 2

informatics team can be answered with an open dialogue. This manner of step by step assessment

allows for the organization and the informatics team to work in collaboration not only with

identifying potential areas of security threats but with constructing solutions that have far

reaching beneficial consequences.