• Friday, July 13, 2018 11:11 AM
    Reply # 6380170 on 6332693
    We had a formal risk assessment done by a third party last year that was very informative but also pretty costly.
    Is there a defined process to meet compliance?
    I was thinking about having that consultant just do a refresh and focus on the areas that we didn't score as high.  I'd be willing to forego and use this template (or similar) if that meets requirements.  
    Is there a standard for this?
    Thanks, Gerry
  • Friday, June 22, 2018 10:08 AM
    Reply # 6332693 on 6290681

    Attached is a sample SRA template in response to Joy's request.

    Anne Zaccheo

  • Thursday, June 14, 2018 9:01 AM
    Reply # 6311674 on 6290681

    Thanks all for the feedback. We utilized the CMS risk assessment tool and I am glad I did as it is comprehensive and highlights the weaknesses and strengths in policy and procedures.

  • Wednesday, June 13, 2018 11:24 AM
    Reply # 6308559 on 6290681

    Anne, would you happen to have a template you could share with us for small practices?

  • Monday, June 11, 2018 12:10 PM
    Reply # 6303810 on 6290681

    We are a small practice and have developed our internal compliance infrastructure over the past 6 years, including internal policies and procedures, written physical, technical and administrative safeguards and employee training. We also use the CMS online risk assessment tool as an additional check. I am happy to talk via phone for any specific questions.

  • Sunday, June 10, 2018 8:56 AM
    Reply # 6301710 on 6290681

    Hi Pawan:

    At the practice where I previously worked, we outsourced the security risk assessment and analysis. It involved a significant amount of work by me and our staff (especially the IT staff). There are a variety of services out there, and the one we used is called HIPAA ONE. I am not endorsing them necessarily, but they might be worth checking out.


  • Wednesday, June 06, 2018 2:46 PM
    Message # 6290681

    MIPS requires an annual security risk assessment. Is anyone using a risk analysis tool different from the one suggested by CMS? If so, do you mind sharing it? Also, is anyone willing to share a HIPAA Security Policy for a small medical group?

    Any help is much appreciated.


    Pawan Arya

New York Medical Group Management Association, Inc.
EP II 11350 McCormick Road, Suite 904 Hunt Valley, MD. 21031
P: 410-527-0780 E: info@newyorkmgma.com