Improved Security for Healthcare Organizations

Yeo & Yeo offers Security Risk Assessments (SRAs) for healthcare organizations and Michigan businesses as a way to help them improve their broader cybersecurity infrastructure.

Our approach to SRAs is less invasive than other providers’ processes and requires minimal assistance from your staff. We provide you with a comprehensive report including all compliance documents as well as a detailed review of your report that outlines your risk factors and next steps.

Security risk assessments are a standard annual requirement for all eligible healthcare entities due to HIPAA Meaningful Use requirements. The Merit-Based Incentive Payment System, used for Medicare/Medicaid payment processing for healthcare entities, requires SRAs to be performed to receive the best possible service reimbursement rates. SRAs are required for all providers, large or small, and can be complex and time-consuming. Yeo & Yeo provides this service directly at a reduced cost.

What is a Security Risk Assessment?

Yeo & Yeo's SRA is divided into two main components:

  1. Risk Analysis is performed by conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality and integrity of patient health information. For healthcare organizations, we also test the availability of electronic patient health information (ePHI) held by a covered healthcare entity or business associate.
  2. Risk Management is performed by implementing security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level. This also applies to HIPAA compliance requirements. Yeo & Yeo Technology will provide both required points of an SRA with minimal impact on the health care entity’s office and personnel.

Security Risk Assessments cover all 72 HIPAA security safeguards as defined by the Office of Civil Rights, detailed in the HIPAA Audit Protocol.

Security Risk Assessment Checklist for Healthcare

  • On-site Assessment of Specific Safeguards
  • Compliance Report Portfolio Delivery
  • Findings Analysis Meeting