HIPAA Risk Analysis

HIPAA Risk Analysis is a rigorous and detailed identification and prioritization of key risks currently facing our healthcare partners.

Our Risk Analysis explores the likelihood of a breach and the magnitude of its potential impact by assessing the physical, administrative and technical information security controls and safeguards outlined by the HIPAA Security Rule.

This service centers on threats, vulnerabilities and their associated risk. Fortified closely follows the methodology recommended by the National Institute of Standards and Technology (NIST) for conducting the HIPAA Risk Analysis. This methodology, while modified to some extent for your specific needs, is widely accepted as the “gold standard” for conducting risk analyses.

The risk analysis, coupled with vulnerability scanning, brings a comprehensive view of organizational risk from a strategic, operational and tactical perspective. This multi-layered approach gives you a higher level of insight into your exploitable vulnerabilities which — if not properly addressed — could increase the impact operationally and financially.

Vulnerability Threat Management (VTM) gives an organization continuous visibility of any vulnerabilities in its IT environment. The purpose of continuous VTM (in contrast to vulnerability scanning) is to eliminate the “snapshot in time” approach. With an ever-changing IT environment where new vulnerabilities are discovered daily, it is imperative that your organization continuously manage risk.

The Fortified Difference

Fortified prides itself on being a true extension of our clients’ security and IT teams. Since our focus is on long-term partnerships, we are able to learn the nuances and politics of your organization and environment over time. We find that each organization is different and those differences often have a profound impact on the effectiveness of an organizational security program.

Armed with this pertinent, uniquely focused information, our findings and subsequent recommendations are specifically tailored to your organization. Through our Risk Analysis and Vulnerability Threat Management service, you are given access to a proprietary dashboard where you can review and manage your organizational risks in real time.

Delivery Methods

Fortified will work with you to assess your current security posture and help you pick the approach that makes most sense for you. Here are some of the ways we can implement HIPAA Risk Analysis for your organization.

Option 1
Managed Service
(3-year contract)
  • Continuous annual HIPAA risk analysis
  • Monthly vulnerability scanning
  • Monthly technical call to address VTM findings
  • Monthly non-technical calls to address RA findings

Value to your security program:

  • Compliant with the HIPAA Security Rule for completion of a risk analysis
  • Satisfies the HIPAA Security Rule requirement of continuous evaluation and management of organizational risk
  • Continuous deep technical scan of your environment to demonstrate progress and trending over time

Option 2
One-Time Analysis
  • HIPAA risk analysis
  • Vulnerability scan

Value to your security program:

  • Compliant with the HIPAA Security Rule for completion of a risk analysis
  • Deep technical scan of network instead of a technical questionnaire