HIPAA SECURITY RISK ASSESSMENT:
WHAT WE’RE IMPROVING

FROM THE CEO:

“Transparency is paramount in all that we do.”

To our community,

At LifeWays, protecting the privacy and security of the individuals we serve is a responsibility we take seriously every day. As part of that commitment, we recently completed an independent, third-party HIPAA Security Risk Assessment to evaluate how well our systems, policies, and practices align with federal requirements for safeguarding sensitive health information.

The results of this assessment reflect a strong foundation. LifeWays achieved an overall compliance score of 79%, demonstrating that key administrative, physical, and technical safeguards are in place to protect electronic protected health information.

As with any comprehensive assessment, the review also identified opportunities for improvement. These findings were primarily related to strengthening internal processes—such as policy governance, access management, and monitoring practices—to ensure consistency, accountability, and long-term sustainability of our security program.

Importantly, this assessment did not identify any breaches or misuse of information. Instead, it provides a clear and actionable roadmap to further enhance our systems and reduce potential risk.

We are already actively addressing each of the identified areas through a structured 90-day remediation plan. Many of these improvements were underway at the time of the assessment, reflecting our ongoing commitment to continuous improvement.

Transparency remains paramount in all that we do. We are sharing the results of this assessment, along with our corrective actions, so our community can clearly see both where we stand and how we are strengthening our practices moving forward.

LifeWays remains committed to protecting the confidentiality, integrity, and availability of the information entrusted to us. We will continue to invest in strong safeguards, clear processes, and accountability at every level of our organization.

Thank you for your continued trust.


Cassandra Watson

CEO, LifeWays

ASSESSMENT RESULTS

LifeWays completed an independent, third-party HIPAA Security Risk Assessment evaluating compliance with the HIPAA Security Rule (45 CFR Part 164, Subpart C).

  • Overall Compliance Score: 79%

  • Total Gaps Identified: 10

  • Assessment Period: December 2025 – February 2026

  • Scope: Systems, applications, policies, procedures, and safeguards related to electronic protected health information (ePHI)

The assessment found that LifeWays has a strong foundational security posture, with many required administrative, physical, and technical safeguards already in place.

CORRECTIVE ACTION PLAN

LifeWays has developed a comprehensive corrective action plan based on the findings of this assessment. The plan aligns with the third-party recommended 90-day remediation roadmap, which outlines specific actions, timelines, and accountability measures for each identified gap.

This roadmap is designed not only to resolve current findings, but to strengthen long-term security practices, improve audit readiness, and ensure continued protection of the individuals we serve.

Table outlining project activities, key tasks, and evidence for a specific timeline, including logging review, access termination, account lifecycle, system standards, media disposal, risk analysis, cybersecurity, and policy governance.
CARF Logo

LifeWays has been awarded the highest level of accreditation by CARF International.

Mid-State Health Network logo

LifeWays is also held to the highest level of care by our overseeing organization,
Mid-State Health Network (MSHN)