 

HIPAA COW Risk Analysis & Risk Management Toolkit


HIPAA COW is pleased to provide you with this HIPAA COW Risk Analysis & Risk Management Toolkit (Toolkit).  Please note that this Toolkit is a work in progress.  More documents will be added to further assist organizations in their efforts to complete a Risk Analysis, Risk Assessment, and their Risk Management strategy.  Please contact us with any recommendations, questions, or special requests.  The following Toolkit documents are currently available:

 

1) Start Here: This Guide provides a summary of all the tools in this Toolkit (listed below) as well as ideas on how to use them to complete a risk analysis, risk assessment, and develop and implement a risk management strategy.  It also includes a list of references reviewed and used while developing this Toolkit.

2) NIST Risk Assessment Steps

3) HIPAA COW Risk Assessment Template.  This document contains several worksheets, including:

    • Example Security P&P List
    • Security Questions
    • Threat Source List
    • Inventory Asset List
    • Risk Mitigation Implementation Plan

4) NIST Threat Overview

5) Network Diagram Example

6) NIST Risk Definitions & Calculations

7) NIST Risk Mitigation Activities

 

 

Disclaimers

The HIPAA COW Risk Analysis & Risk Management Toolkit (Toolkit) documents are Copyright © 2012 by the HIPAA Collaborative of Wisconsin (“HIPAA COW”).  They may be freely redistributed in their entirety provided that this copyright notice is not removed.  When information from this document is used, HIPAA COW shall be referenced as a resource.  They may not be sold for profit or used in commercial documents without the written permission of the copyright holder.  This Guide and the Toolkit documents are provided “as is” without any express or implied warranty.   This Guide and the Toolkit documents are for educational purposes only and do not constitute legal advice.  If you require legal advice, you should consult with an attorney.  Unless otherwise noted, HIPAA COW has not addressed all state pre-emption issues related to this Guide and the Toolkit documents.  Therefore, these documents may need to be modified in order to comply with Wisconsin/State law.

 

The Toolkit provides an example HIPAA Security Risk Assessment and documents to support completing a Risk Analysis and Risk Mitigation Implementation Plan.  While it covers a broad spectrum of the requirements under the HIPAA Security Rule and HITECH, it may not cover all measures needed to secure your patients’ electronic protected health information (ePHI).  It is not meant to be construed as a one-size-fits-all Toolkit.  As previously stated, this includes only an example method to complete a HIPAA Security Risk Assessment.  The HIPAA Security Rule requires this be completed on an ongoing basis, but does not prescribe how to accomplish this.  The authors of these documents carefully considered and included information that is believed to be of most importance, based on legal requirements, known HIPAA Security incident history, and personal experiences.  With that said, it may include items not required by your organization, exclude items required, and/or include items that you need to tailor to your organization’s needs.

 

Toolkit Primary Author:  Holly Schlenvogt, MSH, CPM, Health Information Technology Specialist and Privacy & Security Lead, MetaStar/WHITEC

 

Toolkit Contributing Authors: HIPAA COW Risk Analysis & Risk Management Toolkit Networking Group Members:

 

  • Kathy Argall, Co-Founder and CEO, InfoSec Compliance Advisors
  • Cathy Boerner, JD, CHC, President, Boerner Consulting, LLC
  • Ginny Gerlach, Information Security Officer, Ascension Health
  • Lee Kadel, MMOT, EMBA, GHSC, GSEC, Information Security Analyst – Specialist, Wheaton Franciscan Healthcare
  • Jim Sehloff, M.S. MT(ASCP), Information Security Analyst, CareTech Solutions 
  • Kirsten Wild, RN, BSN, MBA, CHC, Wild Consulting, Inc.

Copyright 2012 HIPAACOW.org. All rights reserved.