HIPAA Risk Assessment

HIPAA Security Risk Assessment

Section 164.308(a)(1) of HIPAA requires an organization to conduct the risk analysis of the organization, which is required to understand the flow of EPHI in the organization. The HIPAA Risk Assessment will be performed by the request of an Organization to AtLink Communications with the intent of allowing the Organization to become more aware of potential security risks and to better understand processes, procedures, equipment and restrictions needed to better comply with government regulations and general IT best practices for security of their IT environment and digitally stored data and minimize potential outages and security breaches to their IT network. The intent is to provide recommendations to the Security Officer of the Organization responsible for making the final decisions on what and how any of these recommendations should be implemented.

This will be updated in response to changes in the business environment.  The Organization will review the assessment at least annually. Also this document records the information used to assess