ClearDATA Security Risk Assessment (SRA) for Healthcare helps providers maintain compliance with MIPS annual security risk analysis as part of cloud adoption and digital transformation projects.
Healthcare providers that take part in the Merit-Based Incentive Payment System (MIPS) must comply with the requirement to protect patient information by performing an annual SRA (security risk analysis), as required by the HIPAA Security Rule (45 CFR 164.308(a)(1)). Failure to do so could result in a reduction in reimbursements and a negative impact on your reputation.
The first and foundational step of completing the SRA is to create the organization’s PHI (Protected Health Information) inventory: where PHI lives (e.g., Azure, a colocation facility, an on-site server, a device, healthcare software, etc.). Based on the PHI inventory, ClearDATA recommends which workloads: 1) should move into Azure, 2) could move into Azure, and 3) should not be in Azure.
Examples of “should be in Azure” workloads are all back-ups, disaster recovery, business continuity, etc. Examples of “could move to the cloud” workloads are ancillary software apps/tools used for EMR, billing, etc. Examples of “should not move to the cloud” workloads are high-compute pharmaceutical studies. Workloads that should not move to the cloud then require a review of Microsoft licensing, firewalls, etc., to ensure the PHI is secure.
The final SRA report is delivered to the C-suite executives who have fiduciary responsibility for HIPAA compliance. The presentation of the final SRA report includes a HIPAA risk remediation plan that identifies candidate workloads to move to Azure and lays them out in a Gantt chart with an agreed-upon time schedule.
Why should you choose ClearDATA SRA?