
Why Perform a HIPAA Security Assessment?

Security Risk Analysis is the cornerstone of every effective information security program. It is required both for HIPAA compliance and to attest to the Meaningful Use EHR Incentive Program. Internal risk assessments face challenges due to time and personnel constraints, organizational and political hurdles, and often a lack of subject matter knowledge.

CoreRecon’s HIPAA Security Risk Analysis provides the solution.

Healthcare organizations can use CoreRecon’s service to attain a comprehensive understanding of their risks to information security and detailed recommendations on how to most effectively reduce or remove the vulnerabilities and threats. By implementing our recommendations, hospitals can significantly reduce the risk of a breach of the confidentiality, integrity and availability of ePHI, which can not only cause harm to patients but also result in financial penalties and damage to your organization’s reputation.

The HIPAA Security Risk Analysis enables covered entities of all sizes to meet and exceed their compliance requirements and achieve top-tier information security.


The scope, depth, and coverage of CoreRecon’s HIPAA Security Risk Analysis are tailored to be commensurate with the size, complexity, and capabilities of your organization and take into account your technical infrastructure and your hardware and software capabilities. The cost of security measures and the probability and criticality of potential risks to ePHI, as defined in the HIPAA Security Rule, are strongly considered during analysis and in each of our final recommendations.

The scope of your HIPAA Security Risk Analysis is informed by:

  • Security Engineering Experience: CoreRecon’s proprietary list of infrastructure vulnerabilities and control deficiencies collected during our work on over a thousand information security assessments is referenced heavily during each analysis.

  • Industry Best Practices: CoreRecon utilizes our own independent research, professional exchanges, and industry and other recognized standards, including NIST federal guidelines, ISO 27001 and ITL research, to keep our scope and recommendations in line with the latest information technology best practices.

  • Technology and Regulatory Foresight: CoreRecon’s ongoing awareness of technology solutions and regulatory changes strongly influences our analysis and recommendations to ensure our scope includes industry trends and addresses future challenges.

Did you know?

$32,000 is the average cost per DAY of a cyber attack on a business.