HSRA Assurance Program

The BluTinuity HIPAA Security Risk Assessment (HSRA) is a nationally recognized comprehensive review of an organization’s levels of compliance against the administrative, physical, and technical security standards outlined in the HIPAA Security Rule. The rigorous BluTinuity HSRA will meet the very first and arguably most important HIPAA standard, then identify areas of HIPAA Security Rule non-compliance, and recommend stronger security positions throughout the organization’s infrastructure footprint.

BluTinuity’s philosophy regarding a HIPAA Security Risk Assessment is not to merely help organizations obtain compliance in order to pass an audit. Rather, our goal is to assist organizations in better protecting electronic health information, becoming more risk focused, and securing data. Strong security extends beyond the construct of the HIPAA Security Rule, so HIPAA compliance is a by-product of this effort rather than the goal.

Because the BluTinuity HSRA is a point-in-time examination designed to identify HIPAA compliance and gaps in compliance, it is generally used to create a roadmap for becoming an organization with a strong security posture while moving closer to full HIPAA compliance. We recognize the ever-changing nature of risk and threats to the organization, as well as the fact that an organization’s response will scale in relationship with its size, complexity, and risk tolerance. All of these elements are factored into the BluTinuity model.

The BluTinuity HSRA follows audit standards and protocols prescribed by the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the agency with authority to enforce the HIPAA law, as well as industry standards, guidance, and best practice models from organizations such as the National Institute of Standards and Technology (NIST), Office of the National Coordinator for Healthcare Information Technology (ONCHIT), SANS Institute, and Disaster Recovery Institute International (DRII). Nearly 30 authoritative sources were used in the development of the BluTinuity HSRA methodology.

When an organization successfully completes a BluTinuity HSRA, meets the minimum scoring criteria, and develops a corrective action plan to remediate any identified HIPAA compliance gaps, it may be invited to participate in the BluTinuity HSRA Assurance Program.

Why BluTinuity Advisors are an Asset for Your HIPAA Security Risk Assessment

While the HIPAA Security Rule has required healthcare organizations to perform a security risk assessment for nearly 20 years, many entities have opted to complete them less frequently than is recommended; the OCR has identified 12 months as the optimal frequency for most organizations. While it is acceptable to perform an internal risk assessment, most healthcare organizations do not have the capacity, experience, or objectivity needed for a serious HSRA. A better solution is to invite seasoned healthcare consultants in for a strong review of security, and to socialize the results of this security risk assessment into a competitive advantage in the marketplace.

BluTinuity advisors have an uncommon cross section of experience which allows us to evaluate situations differently and provide unique solutions. BluTinuity advisors have assessed, planned, implemented, managed, audited, and optimized technology systems, processes, controls and security in large and critical access hospitals, physician clinics, surgery centers, mental & behavioral health providers, a crisis hotline provider, home health providers, dental practices, physical therapy clinics, regional and national long term care providers, pharmaceutical manufacturers, pharmaceutical disposal / supply chain providers, benefit managers, insurance, healthcare financing organizations, blood centers, accountable care organizations (ACOs), healthcare cooperatives, health information exchanges, healthcare software vendors, and social services agencies (government and private). Because of this distinctive experience, BluTinuity consultants are known as industry thought leaders. They have published articles and speak at local and regional conferences and seminars.

The BluTinuity HSRA Assurance Program Criteria & Acquiring the BluTinuity HSRA Seal

Organizations in the HSRA Assurance Program are provided with a copy of the BluTinuity HSRA Seal for use on a website or other marketing materials. This is a prominent way to verify to your clients, patients, and business partners that your organization has completed the BluTinuity HIPAA Security Risk Assessment, the first requirement of the HIPAA Security Rule. It is recommended to perform a BluTinuity HIPAA Security Risk Assessment every 12-18 months, or when major changes to the organization’s risk profile occur, or when the security environment or overall security posture is modified. The BluTinuity HSRA Seal contains the year in which the HSRA was completed to provide insight into the current status of HIPAA readiness.

You may contact us at HSRA@blutinuity.com to verify if a seal is valid or to inquire about your own BluTinuity HSRA.