Healthcare Data Security & HIPAA Risk Assessment

Practical evaluation of a healthcare provider’s data security posture with respect to HIPAA requirements, risks, and control gaps.

Overview

This project evaluates the data security posture of a healthcare organization (Cedarville Family Health), with a focus on HIPAA compliance, patient data protection, and organizational risk exposure.

The objective was to identify weaknesses in existing practices and recommend practical, regulation-aligned security controls suitable for a small healthcare provider operating under real-world constraints.
Scope of Evaluation

  • Data and information security practices
  • Compliance with HIPAA Security Rule requirements
  • Internal and external risk identification
  • Assessment of whether risks required immediate remediation

Methodology

  • Reviewed organizational documentation, policies, and workflows
  • Mapped existing practices against HIPAA requirements
  • Identified risks impacting confidentiality, integrity, and availability
  • Analyzed consequences of security gaps on patient data and operations

Security Controls & Recommendations

  • Designed a backup and recovery strategy for sensitive health data
  • Recommended encryption practices for data at rest and in transit
  • Evaluated access controls and data handling procedures
  • Identified gaps in policy enforcement and operational safeguards

Outcomes & Industry Relevance

  • Produced a structured risk and compliance assessment suitable for audits
  • Demonstrated applied GRC and healthcare security skills
  • Directly relevant to roles in GRC, IT audit, compliance, and healthcare cybersecurity