HIPAA TIP: Healthcare Risks and Mitigation Strategies


  1. Incomplete inventories of systems and data locations; exceptions and non-standard situations, along with outdated devices.
  2. Staff shortage and a lack of security awareness training for staff. Relying on vendors for security measures and believing the organization is off the hook if the vendor has some security measures in place.
  3. The "Internet of Things" has exploded with biomedical devices. Are these secure for the organization?
  4. Audit controls for user activity and third-party activity within the organization.


  1. Vulnerability to account takeovers, such as Office 365 compromise and business email compromise.
  2. Data exposure due to insufficient security measures; single sign-on risk.
  3. Hacking and ransomware attacks that interfere with operations and heighten the threat of data exposure.


  1. Annual HIPAA Security Risk Analysis
  2. Penetration Testing / Vulnerability Scans
  3. Disaster Recovery / Business Continuity Plan, current and updated regularly
  4. Cybersecurity tabletop exercises to support the DR/BCP Plan
  5. NIST Cybersecurity Framework
  6. HHS 405(d) Aligning Healthcare Security Approaches

HIPAA compliance isn't a one-time checklist. It's ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.