MS-Excel based tool created as a basis to assess HIPAA Privacy Rule compliance programs. The Privacy Risk Analysis is a questionnaire designed for covered entities (acute and ambulatory sites) and business associates, based upon the HIPAA Privacy Rules. Standard, intermediate and audit formats are available. Coverage of all areas of HIPAA privacy is extensive and rests on a close interpretation of the privacy rules, as there are no NIST guidelines for privacy as there are for security.

This tool has been presented to OCR as a part of open investigations with no pushback from them about the tool. The question sets differ somewhat based upon the type of business associate or covered entity. The PRA tool has callouts for each line item to the appropriate policies within the CompliancePro Privacy Policy Manual. See the PRA sample within the “Samples” link.

A. Privacy Risk Analysis (PRA)

If you have further questions, please contact Kelly McLendon, RHIA, CHPS at [email protected].