So you’ve completed your HIPAA Security Risk Analysis. You have identified the information assets, threats, and vulnerabilities. You have assessed the likelihood of occurrence and impact for each risk. And you have a remediation plan to address these risks. What’s next?
Ways to Deal with Risk
- Accept: Risks with a low risk score or mitigation is unreasonable for the organization.
- Avoid: Risks that can be eliminated.
- Shift Liability: e.g. Insurance or proper Business Associate Agreements
- Mitigate: Reduce likelihood of occurrence or impact
What is mitigation?
It is impossible to completely eliminate all of your risk. But it is not impossible to minimize your exposure by reducing the likelihood of occurrence and/or the impact. This is called mitigation.
The Importance of Documentation
Whatever you do to mitigate your risks, document your efforts. Not only a check mark noting completion of the tasks. Document also the progress of your efforts towards completion. These notes will come in handy in the future as you monitor the effectiveness of your mitigation efforts.
How We Can Help
We have the tools, knowledge, and experience to support your risk mitigation efforts. Even if you do much of the mitigation work on your own or involve your existing technical support team, you may want us to review the results and “sign off” on completion of the tasks. We’ll customize a service engagement to match your needs, goals, and budget.