Risk Assessment

The U.S. Department of Health and Human Services (HHS) says, “Risk analysis should be an ongoing process, in which a covered entity regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of security measures put in place, and regularly reevaluates potential risks to e-PHI.” To be compliant, it should be conducted or reviewed annually and revisited any time there is a change in the operating or technical environment. Conducting a Risk Assessment supports awareness and development of data security programs, allowing you to achieve business goals. 

CynergisTek uses a NIST-based methodology when conducting a Risk Assessment, as OCR’s guidance on requirements for risk analysis points to recommendations and guidelines established by NIST for conducting a risk analysis. CynergisTek’s stand-alone assessment combines several of our individual security and technical tests into a single engagement aimed specifically at addressing the requirement for a risk assessment and ongoing risk management. We also offer a Risk Assessment as part of a comprehensive compliance management program, Compliance Assist Partner Program (CAPP).

The Risk Assessment includes the following components:

After data collection, we provide a detailed report of findings, observations, recommendations, and remediation steps. CynergisTek also provides personalized trending data for our repeat customers that helps assess the overall program maturity.

What Are My Requirements to Perform a Risk Assessment?
