By Jack Anderson
June 13, 2016
Viewing a risk assessment as the test at the end of a process is dead wrong. A proper risk assessment is the spark at the beginning of a process and also a quick Jumpstart to a process that lost its spark. As counterintuitive as it seems a risk assessment that shows a lot of need for improvement is a good thing, as long as it generates actions to make the improvements. I recently had a client say that they didn’t want to do their risk assessment until they had installed a new firewall. Actually the best plan would be to do the first risk assessment, fix the firewall, and then do the next risk assessment showing progress.
A single risk assessment is not as relevant as a series of risk assessments showing HIPAA compliance progress. Of course that means that doing repetitive HIPAA risk assessments can be done cost effectively and efficiently. The old axiom that giving a man a fish solves his hunger for a day but giving him a fishing pole and teaching him to fish solves his hunger for a lifetime. The fishing pole here is an on-line automated risk assessment tool that you learn to operate yourself.
By doing quarterly risk assessments your HIPAA program will stay fresh and powerful. If you need that Jumpstart to revitalize your current program drop me an email at jack@compliancehelper.com