HIPAA Security Risk Assessments

If your law firm is considered a Business Associate as defined by The Health Insurance Portability and Accountability Act (HIPAA), you are required to have a periodic risk assessment. HIPAA was enacted to protect the privacy and security of sensitive patient health information. It is an organization’s responsibility to implement safeguards that ensure electronic protected health information (e-PHI) held by the organization is properly protected. LaSalle Consulting Partners has developed a HIPAA Risk Assessment Security Service that helps covered entities identify and implement the proper safeguards to protect (e-PHI) and to comply with the HIPAA regulations. The HIPAA Security Service consists of the following:

• A detailed HIPAA Security Risk Assessment
• 18 HIPAA Security Policy and Procedure Templates
• Online training covering HIPAA Security and Privacy, and compliance testing to all employees (Updated training materials are released annually in January)
• Dark Web scanning and monitoring
• Simulated phishing attacks
• Access to the HIPAA Breach Prevention Platform Portal (12-month subscription)

Our reviews also help to identify some of the areas where a service provider does not meet the Cybersecurity Program Best Practices as defined and released by the Department of Labor in April 2021. The risk assessment should also meet the DOL’s guideline to have a “Prudent Annual Risk Assessment.”