
HIPAA: Security Risk Analysis Matrix

<<

Dengar13

Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Feb 25, 2010 11:02 am

HIPAA: Security Risk Analysis Matrix

Greetings:

I am looking into creating a Security Risk Analysis Matrix for our HIPAA compliance and was wondering if anyone had experience with this.  Does anyone know where a good resource and template would be?

Thanks all!
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

oneeyedcarmen

Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Feb 25, 2010 11:28 am

Re: HIPAA: Security Risk Analysis Matrix

I actually put one together about two years ago at the last job. I might have it saved somewhere. If I do, it's yours.
Reluctant CISSP, Certified ASS
<<

Dengar13

Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Feb 25, 2010 11:41 am

Re: HIPAA: Security Risk Analysis Matrix

Muchos Gracias!  I would definitely owe you a beer or drink of your choice.  ;D
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

tux633k

Newbie

Posts: 9

Joined: Sat Apr 10, 2010 9:50 pm

Post Sat Apr 10, 2010 10:10 pm

Re: HIPAA: Security Risk Analysis Matrix

Hi there, I could use some guidance on this as well.  By chance, is there some template that can be followed? Any help is very much appreciated...

Thank you,

-J
CEH, MCP, CSCS, CHP
<<

Dengar13

Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Fri Apr 30, 2010 7:49 pm

Re: HIPAA: Security Risk Analysis Matrix

I found a really nice one.  This looks pretty darn good to me.

http://www.google.com/url?sa=t&source=w ... EHt7_XeT_A
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Sat May 01, 2010 5:53 pm

Re: HIPAA: Security Risk Analysis Matrix

The link will take you to a plethora of available HIPAA templates. Google is your friend:

hipaa +template filetype:xls
<<

Dengar13

Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Sat May 01, 2010 5:54 pm

Re: HIPAA: Security Risk Analysis Matrix

Actually, that link will take you to one specific Word document.  And yes, Google is your friend.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Sat May 01, 2010 5:57 pm

Re: HIPAA: Security Risk Analysis Matrix

Dengar13 wrote: Actually, that link will take you to one specific Word document.  And yes, Google is your friend.


Weird, I tinyurl'd the following:

http://www.google.com/search?q=hipaa+te ... =firefox-a
<<

Dengar13

Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu May 06, 2010 1:51 pm

Re: HIPAA: Security Risk Analysis Matrix

Sorry, Sil.  Here is the one I wanted to show you all.  :-[

http://www.vita.virginia.gov/uploadedFi ... mplate.doc
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Thu May 06, 2010 3:54 pm

Re: HIPAA: Security Risk Analysis Matrix

Dengar13 wrote: Sorry, Sil.  Here is the one I wanted to show you all.  :-[

http://www.vita.virginia.gov/uploadedFi ... mplate.doc


What I've found to be helpful was using EDUCAUSE's Information Security Governance Assessment Tool as a template alongside ISACA's "COBIT Mapping ISO/IEC 17799:2000 With COBIT" (http://www.isaca.org/ContentManagement/ ... ntID=35228); combining them into my own template worked wonders in mapping most standards and guidelines. (You need to be an ISACA member to download that file.) I spent a few months meshing those two into something I use (sorry, it's work related so I can't and won't post it).

EDUCAUSE has some great material there in regards to HIPAA (http://net.educause.edu/ir/library/excel/EAF0507d.xls) which would obviously need to be customized. Anyone who's done any GRC work would know it is a broad (to me, boring) process. I found it best to make my own template since there is so much overlap.

Dengar13: That linked Risk Assessment Report is OK, but rather on the basic side. I implore you to check out the EDUCAUSE link, as it encompasses a more complete and thorough walkthrough across all fields of compliance (technical and nontechnical). However, as stated, you'd need to spend time conforming it to your own business.
<<

Dengar13

Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu May 06, 2010 5:22 pm

Re: HIPAA: Security Risk Analysis Matrix

Thank you for the info, it is very helpful.  I have until May 30th to get this done so I will be burning the midnight oil on this one.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

tux633k

Newbie

Posts: 9

Joined: Sat Apr 10, 2010 9:50 pm

Post Thu May 20, 2010 3:32 pm

Re: HIPAA: Security Risk Analysis Matrix

Thanks for the information everyone.  This will definitely help me out.
CEH, MCP, CSCS, CHP
<<

Compliance

Newbie

Posts: 2

Joined: Tue Jul 06, 2010 2:44 am

Post Tue Jul 06, 2010 3:12 am

Re: HIPAA: Security Risk Analysis Matrix

Most of these are generic Information Technology Risk Assessment documents. If you need a good resource for the HIPAA Security Risk Analysis which includes assessment for Administrative safeguards, Physical safeguards and Technical safeguards, then check this: http://www.training-hipaa.net/template_ ... .htm

Normally companies charge anywhere between 10K to 20K for doing this type of assessment. I would recommend that before you start the assessment you go through comprehensive training like Certified HIPAA Privacy Security Expert (CHPSE), as it looks like you are very much involved in your HIPAA compliance. Comprehensive training will help you understand what you need, why you need it, etc. After having a clear understanding of the HIPAA regulation, it is easy to do the risk assessment.

The network vulnerability assessment (pen testing) is something that you will have to do on your own.
