Don’t Take Any Risks with Meaningful Use Attestation – Violations Can Lead to Big Fines
Thursday, April 26th, 2012Many of my Meaningful Use tips this year have concerned the importance of the Security Risk Assessment component of Meaningful Use Measure #15. There’s a good reason why I have focused so heavily on that topic. The results of a three-year investigation into HIPAA violations of an Arizona provider were published this month. The provider was found in violation and received a $100,000 fine and a requirement to perform a security risk assessment including implementation of the policies and procedures that address those risks. For more information on this provider and the investigation, read here: http://www.healthcareinfosecurity.com/arizona-practice-gets-100k-hipaa-fine-a-4686 This recent news item [...]
Help is Here for Performing Your HIPAA Security Risk Assessment
Thursday, February 23rd, 2012This week I’m pleased to introduce you to my business partner Kelly McLendon. Kelly is the owner of CompliancePro Solutions™ and has created a software tool for the HIPAA security gap assessment required under Meaningful Use. RM: Kelly, can you tell us a little more about the software tool you’ve created? KM: Yes. Our HIPAA Privacy and Security Gap Assessment software was created to help medical providers who are attesting to Meaningful Use fulfill the requirements of Measure 15. This is an Excel-based assessment tool that evaluates the state of your Electronic Health Record (EHR) system to identify any potential [...]
Meaningful Use Tip – You Must Update Policies & Procedures Before Attesting to Meaningful Use
Thursday, February 16th, 2012It has been scary here lately to hear Practice Managers answering Yes that they comply with questions for the Security Risk Analysis that is required for Meaningful Use Measure #15 in order to attest. Many of them are stating Yes that they have performed the Security Risk Analysis and know their internal processes for security; however, do not have those processes or policies written. You should know this: Policies and Procedures and Documentation Requirements are part of the Final Rule; and in paraphrasing CFR 164.316(a) you MUST maintain site specific policies and procedures documentation that defines how your organization will [...]
Your Policies and Procedures Are Incomplete If They Don’t Include a Security Risk Management Process
Thursday, January 12th, 2012Patient privacy and confidentiality of medical records is protected by the department of Health & Human Services through the HIPAA Security Rule. And, if your practice is using Electronic Health Record technology (EHR) and/or attesting to Meaningful Use, well-documented Policies and Procedures are at the heart of the HIPAA Security Rule Administrative Guidelines. The very first Administrative Standard refers to the prevention, detection, containment and correction of any security violations. As we’ve discussed over the last few weeks, if you are attesting to Meaningful Use, Measure 15 outlines the requirement of a security risk analysis that addresses potential security gaps [...]
Know Your Medical Practice Risks – Meaningful Use 15
Thursday, January 5th, 2012A security risk assessment is a requirement of Meaningful Use attestation (Measure 15), but what exactly does that mean? A security risk assessment is not a new concept. It is a requirement of the HIPAA Security Rule. But for attestation purposes, you must review your security procedures and ensure that they address current potential, as well as future, risk to your EHR system. A thorough security risk assessment should include the following components: A review of current security procedures related to your EHR. Be sure to include clinicians and management, as well as IT, in the review process. Risk management [...]
« Previous Entries