BMN Blog

SEP 29

As we enter into the last few months of this challenging year, many practices will be looking to perform a HIPAA IT Security Risk Analysis. When considering the approach to this year's analysis, it's important to consider any changes that may have been made to critical IT systems as part of the practice's response to COVID-19.

Many practices moved quickly this year to implement solutions that would allow staff to work from home.  Of course, these changes demand an analysis of the risk involved with the change to ensure that all protected health information is still secure and unauthorized access is prevented. When going through this year's risk analysis, practices should:

  • Identify and document any changes that allow for access to critical systems from outside the organization.
  • Consider both the mechanism provided for remote access (VPN, Remote Desktop, Third-Party Service) as well as any devices that may have been provided for work-at-home (Disk Encryption?).
  • Assess the risk associated with these changes and develop a remediation strategy to mitigate any risk identified.
  • Review the existing work-at-home policy and look at making any relevant changes that may be warranted.

Several organizations have reported positive experiences while pivoting and responding to COVID-19. It is imperative, however, that any risks or vulnerabilities that may have been introduced to the existing IT system are identified and addressed to prevent a significant breach of protected data.   

Nic Cofield is the Director of Client Services for Jackson Thornton Technologies at


Bookmark and Share
Powered by Bondware
News Publishing Software

The browser you are using is outdated!

You may not be getting all you can out of your browsing experience
and may be open to security risks!

Consider upgrading to the latest version of your browser or choose on below: