The objective of gap analysis is to
map the HIPAA security requirements against the
enterprise environment to identify gaps that exist
in the security infrastructure. The focus of this
phase include:
Assessment Objectives
At a high level, there are a number of critical
areas that need to be investigated during the process
of security assessment. These areas include:
There may be several remediation projects, each
of which will require resources and specific skills.
Some of these remediation projects may be fairly
significant initiatives that may impact the entire
enterprise infrastructure. The next step is to
prioritize the projects and identify any dependencies
that may exist between them. This will enable
the organization to identify critical projects
that need to be initiated.
The deliverables or outputs of gap analysis include:
- HIPAA
Security Strategy
- Quantifying
Risk
A budget needs to be developed for each of the
projects and the overall effort. The budget estimates
for each project should be terms of:
In this phase, the combination of gaps identified
and the remediation projects is what will enable
the organization to be positioned for complete compliance
with HIPAA’s security objectives.
For more information about HIPAA Academy’s
consulting services, please contact Lorna Waggoner
at (877)899-9974 x17 or Lorna.Waggoner@ecfirst.com.
