The HealthPOINT Security Risk Assessment (SRA) is a qualitative risk analysis providing all of the core requirements to “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the conﬁdentiality, integrity, and availability of electronic protected health information held by the covered entity” as required by the HIPAA Security Rule (45 CFR 164.308(a)(1)), and to satisfy the related core Meaningful Use criteria as described in the ﬁnal CMS Medicaid and Medicare Electronic Health Records Incentive Rule.
The SRA results in many deliverables for an organization:
- Executive Summary for Administration
- Detailed Findings Report for the IT Staff and the Compliance Ofﬁcial
- PHI inventory
- Criticality and Threat matrix