Security Risk and Compliance Analyses

Our Approach Is a Repeatable Framework-Embedded Methodology

Our risk or compliance analyses use the entire HIPAA Security Rule framework of standards and implementation specifications.  Our risk analysis methodology is straight from the government's preferred NIST Special Publication 800-30R1.  At Proteus, there's no "from the hip" guesswork.


When you hire us, you can count on:

  • A security risk analysis that complies with CFR Title 45 §164.308(a)(1)(ii)(A)

  • Security Rule compliance methodologies that support §164.308(a)(8), and

  • Risk register management with recommended corrective actions that comply with §164.308(a)(1)(ii)(B)

We are ready to provide you with a workable Office of Civil Rights (OCR) response or a Centers for Medicare and Medicaid reimbursement program artifact, depending on your security risk analysis needs. Your compliance or HIPAA Security Officer will better understand where to apply resources to reduce risk and manage their program.

Would your last risk analysis endure an OCR audit? It's no secret that OCR has failed over 90% of the risk analyses presented during a major breach investigation. Proteus Consulting will help you reverse this statistic with a bona-fide analysis project.

Click here to receive a free primer and a 10-question chart to help you understand ePHI risk.

Why Hire Proteus Consulting to Perform Your Risk or Compliance Analysis?

The Security Rule does not require a Covered Entity (CE) or Business Associate (BA) to hire an external party to evaluate their HIPAA Security program. However, the opportunity to learn from HIPAA experts can be extremely valuable to your organization – in both knowledge gained and risks averted.

We invite you to compare our knowledge base against the expertise currently applied to your program. Just review one of our HIPAA Safe newsletter issues. Then ask yourself if spending less than 1% of your risk liability* is worth the investment to have a dedicated HIPAA team supporting your organization.

*Unsure how to calculate your ePHI risk liability? The Ponemon Institute has recommended computing it at $355 per patient record.

What Is the Relationship Between a Risk Analysis and a Compliance Analysis?

The U.S. Department of Health and Human Services (HHS) requires that our medical community demonstrate a persistent risk management program. All CEs and BAs are required to evaluate the risks affecting the confidentiality, integrity and availability of their electronic protected health information (ePHI). Additionally, all CEs and BAs must comply completely with all HIPAA Security Rule standards and implementation specifications.