Security Risk Assessment and Mitigation Plan

A risk assessment is required to determine the threats and vulnerabilities to your protected health information. We use a proven method to review and document your risks and to develop a detailed Risk Management Plan and Provide Turn Key Services To Help Achieve Success in Mitigating Your Plan.

Not having a risk assessment is "Willful Neglect" of the HIPAA and Omnibus Rules and places your practice at great risk for HIPAA violations, fines and the loss of trust between your practice and your patients. EHR & Practice Management Consultants, Inc. has spent years developing a cost effective, complete process to help your practice complete this compliance requirement. Your Risk Analysis Report, Risk Management Plan and other compliance documents will aid your organization to meet the compliance standards in a quick, simplified process.

Our Turnkey Services Help You Mitigate Your Risk

We Perform A Comprehensive HIPAA Privacy/ Security Risk Assessment & Mitigation Plan

  • Security Risk Assessment and Mitigation Plan Identify areas of non-compliance with HIPAA and other Rules/Regulations
  • Identification of vulnerabilities that may lead to loss of confidentiality, integrity and availability
  • Gather data on administration, physical and technical standards outlined by The Security Rule
  • Identify and document potential threats and vulnerabilities and giving recommendations to mitigate the risk
  • Assess current security measures
  • Determine the likelihood of threat occurrence
  • Determine the potential impact of threat occurrence
  • Determine the level of risk
  • Create a mitigation plan to assure you are taking proper precautions on your findings
  • Assure you are meeting HIPAA Privacy and Security requirements and ARRA/HITECH provisions

Satisfy “Meaningful Core Objective Requirement for Attestation – Protect electronic health information (Conduct or review a security risk assessment of the certified EHR technology) – don’t put those incentive payments at risk!

Ongoing HIPAA Security Training

We provide HIPAA Security Seminars (Eligible for CME Credit) with Real Life Examples for Your Providers & Staff to Remember for Them to Understand What They Need To Follow To Keep Your Patient’s ePHI secure.

HIPAA Policies and Procedures

We Write your Policies and Procedures Information Security Handbook to Addresses the HIPAA Security and Omnibus Rules.

Business Associate Agreements

We provide customized Business Associate Agreements (BAA) for HIPAA Covered Entities (CE) and Business Associates.

Security Newsletters

We update our clients with the latest healthcare breaches though our newsletters to keep our clients up to date on what is happening across the country.

For more information please contact us at or call 800-376-0212 ext. 1.


We recently hired EHR & Practice Management Consultants, headed by Vanessa Rose Bisceglie to do a Practice Risk Analysis for our primary care medical office. The services we received were thorough, detailed, prompt and thoughtful. We would highly recommend them to anyone in need of these services.
- Primary Care Medical Associates

Vanessa was referred to us by IL HITREC. We were on a short deadline to complete our Meaningful Use Medicare since we wanted to submit our paperwork before the end of September. We needed help with our privacy and security risk assessment. Vanessa was able to help us out with completing all the necessary steps, was very helpful and pleasant to work with. I would strongly recommend her to anyone that needs help with Meaningful Use.  -Jola Wulf,  Practice Manager   Melissa Robledo MDSC 

Vanessa Rose Bisceglie and EHR & Practice Management Consults did a throughout job completing and preparing our practices’ HIPAA/HITECH  risk analysis.  With little effort on our part, we were able to update and customize our security policy & procedures, ensuring that patient privacy is maintained.  We could not have navigated the complexities of today’s security mandates without Vanessa.  Chris C Najafi, MD  Lakeside Nephrology

I had the opportunity to work with Vanessa Bisceglie from EHR Practice Management and Consultants to assist me in our Risk Analysis Assessment.  Vanessa was very professional and extremely helpful.  As a result of working with her we were able to attest successfully for Meaningful Use. The process was online which saved tremendous time. I would certainly consider Vanessa and her team for other Practice Management consultations. -Christina Kafity, RN, BSN,  Practice Manager   Bay Area Gastroenterology