HIPAA COW Risk Analysis & Risk Management Toolkit

HIPAA COW is pleased to provide you with this HIPAA COW Risk Analysis & Risk Management Toolkit (Toolkit). Please note that this Toolkit is a work in progress. More documents will be added to further assist organizations in their efforts to complete a Risk Analysis, Risk Assessment, and their Risk Management strategy. Please contact us with any recommendations, questions, or special requests. The following Toolkit documents are currently available:
Start Here
This Guide provides a summary of all the tools in this Toolkit (listed below) as well as ideas on how to use them to complete a risk analysis, risk assessment, and develop and implement a risk management strategy. It also includes a list of references reviewed and used while developing this Toolkit.

NIST Risk Assessment Steps

HIPAA COW Risk Assessment Template
January 2024 updates: Updated Risk Toolkit! The HIPAA COW Risk Management Networking Group (RMNG) completed its review and incorporation of the NIST CSF v1.1 into the HIPAA COW Risk Assessment Template. This document contains several worksheets, including:
NIST Threat Overview
Network Diagram Example
NIST Risk Definitions & Calculations
NIST Risk Mitigation Activities

HIPAA COW Risk Analysis Report Template

Risk Management Policy
This may be used by your organization as a template to create a Risk Management Policy. The policy was updated on 1/16/13 to better align with the HIPAA COW Risk Analysis & Risk Management Toolkit.

OCR Phase 2 Audit Protocol
This is simply a copy/paste of the OCR Phase 2 Audit Protocol that was posted in April 2016 HERE.

OCR HIPAA COW OCR Audit Protocol
June 2012 – This OCR HIPAA Audit Protocol, with the last column added by HIPAA COW on the Security and Privacy & Breach worksheets, includes the question numbers that are currently believed to cover some or all of the audit protocol requirements for each specific item. The HIPAA COW Risk Management Networking Group reviewed the established performance criteria and audit procedures in the OCR HIPAA Audit Program and enhanced the HIPAA Security questions and recommended controls on the HIPAA COW Risk Assessment Template spreadsheet. This project was completed in August of 2013.

OCR Audit Protocol June 2012: 2012 Cross Reference to the HIPAA COW Risk Assessment Changes Made

NIST CSF HIPAA COW Crosswalk
This document includes the NIST Cybersecurity Framework v1.1. For Subcategories ID.AM-1 through RS.CO-3, the Risk Management Networking Group (RMNG) included the question numbers from the Security Questions worksheet of the HIPAA Security Risk Assessment Toolkit Excel document that are believed to cover some or all of the audit protocol requirements. The RMNG is continuing to work through the remainder of the controls and will post an update when completed. There is also a Maturity Definitions tab in this document, which is based on the NIST CSF Framework Implementation Tiers.

NIST SP 800-30 v2002
This Toolkit is based on many of the methodologies described in this document.
HIPAA Collaborative of Wisconsin (“HIPAA COW”) holds the Copyright © to this HIPAA COW Risk Analysis & Risk Management Toolkit (“Toolkit”). HIPAA COW retains full copyright ownership, rights and protection in all material contained in this Toolkit. You may use this Toolkit for your own non-commercial purposes. It may be redistributed in its entirety only if (i) the copyright notice is not removed or modified, and (ii) this Toolkit is provided to the recipient free of charge. If information is excerpted from this Toolkit and incorporated into another work-product, attribution shall be given to HIPAA COW (e.g., reference HIPAA COW as a resource). This Toolkit may not be sold for profit or used in commercial documents or applications. This Toolkit is provided “as is” without any express or implied warranty.

This Toolkit is for educational purposes only and does not constitute legal advice. If you require legal advice, you should consult with an attorney. Unless otherwise noted, HIPAA COW has not addressed all state pre-emption issues related to this Toolkit. Therefore, this Toolkit may need to be modified in order to comply with Wisconsin/State law.

The Toolkit provides an example HIPAA Security Risk Assessment and documents to support completing a Risk Analysis and Risk Mitigation Implementation Plan. While it covers a broad spectrum of the requirements under the HIPAA Security Rule and HITECH, it may not cover all measures needed to secure your patients’ electronic protected health information (ePHI). It is not meant to be construed as a one-size-fits-all Toolkit. As previously stated, this includes only an example method to complete a HIPAA Security Risk Assessment. The HIPAA Security Rule requires this be completed on an ongoing basis, but does not prescribe how to accomplish this.
The authors of these documents carefully considered and included information that is believed to be of most importance, based on legal requirements, known HIPAA Security incident history, and personal experiences. With that said, it may include items not required by your organization, exclude items that are required, and/or include items that you need to tailor to your organization’s needs.

Contact Us: Please forward any questions, comments, enhancements or ideas for improvement about this Risk Toolkit to: admin2@hipaacow.org. We welcome your feedback.