Home  |  HIPAA  |  Assessments  |  Certifications  |  Contact

HIPAA Risk Assessments

A risk assessment reports the identifiability your dataset or data stream in terms of the number of people that could possibly be re-identified if that version were shared. The Privacert risk assessment quantifies the risks, if any, and states whether sharing the data poses a minimal risk in accordance witha regulations (e.g., the HIPAA Privacy Rule).

If you want to have a risk assessment performed, contact a Privacert representative, info@privacert.com, who will walk you through the process. The actual computation to generate the report takes 7-10 days. Here is an overview of the steps.

  1. We establish confidentiality with your organization by signing non-disclosure agreements and a HIPAA Business Associates agreement as warranted.

  2. You provide a description of your dataset, a data sample (optional), a description of the fields critical to the use for which your dataset is being shared, and a description of the population of people whose information is likely to appear in your dataset. We discuss your dataset with you in order to understand the nature of the values appearing in your dataset.

  3. We generate a Risk Assessment report for your dataset and discuss its contents with you. If the result of the Risk Assessment is your data complies with the HIPAA Privacy Rule using the Privacert Compliance Model for HIPAA, a HIPAA certification statement will be awarded. If your data does not comply, the Risk Assessment report will report the nature of the risks found and may include suggestions for field-level changes.

Below is a sample analysis.


Re-identification threat identified during a Privacert Risk Assessment.


Risk Assessment and HIPAA Certification

A Privacert Risk Assessment is typically part of an overall effort to achieve certification that a particular dataset is sufficiently de-identified to be shared in accordance to HIPAA (a HIPAA certification). The process begins with a Privacert Risk Assessment, described above.



[For more technical information about our approach, see here.]

 
info@privacert.com      
Privacert

Offices of Dr. Sweeney, 64 Linnaean St, Cambridge, MA 02138