Remaining HIPAA compliant: How to protect patient records
 




Probably the least understood requirement, and the greatest exposure and risk, for practices attesting to Meaningful Use (MU) is the need to complete a security risk analysis. When it comes to technical concepts such as firewalls, routers, and security protocols, most offices just do not know where to begin. You trust your vendors and business associates to keep you compliant, but what if they do not?
The use of health information technology continues to expand in healthcare. Although these new technologies provide many opportunities and benefits for consumers, they also pose new risks to consumer privacy.
Because of these increased risks, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) include national standards for the privacy of protected health information, the security of electronic protected health information, and for breach notification to consumers. HITECH also requires Health and Human Services (HHS) to perform periodic audits of covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
Many of the MU measures are already familiar to practices. Physicians can perform actions such as gathering vitals, demographic documentation, and medication histories in their sleep. While learning the interface of their new Electronic Health Record (EHR) system is a very real obstacle, in time, staff learn which button to push and which box to click to be compliant.
But the technical issues can be much trickier for physicians, who aren’t necessarily IT experts. 
An example: In a recent visit at a rural practice, a national telecommunications provider had been onsite to upgrade the practice’s broadband connection. In the process, they disconnected the firewall because they could not configure it correctly, and left it unplugged. They did not notify the practice of their actions and left, assuming the job was complete.
