Your healthcare practice would be much simpler if all of your work was simply dealing with patients. Unfortunately, the days when all that doctors and practice administrators had to be concerned with was patients are long gone. Today's litigious climate, combined with government and insurance oversight, has left both doctors and administrators burdened with the bureaucracy of modern medicine. One of those burdensome tasks is the work involved in proving compliance with HIPAA, especially as it relates to Electronic Health Records (EHRs).
When we boil down the regulations concerning EHRs and HIPAA compliance, we discover the following facts:
Following that initial security risk analysis, an action plan needs to be created to address the identified issues in a comprehensive and timely manner. In the years after that initial security analysis of the new EHR certified technology, a review must be completed each year documenting the steps that were taken following the security risk analysis and dealing with any risk issues that have cropped up over time.
According to the Security Rule, the healthcare practice is required to “put into place reasonable and appropriate administrative, physical, and technical safeguards”. (US Department of Health and Human Services)
Some examples of these potential security measures are:
If you conduct electronic transactions (such as the storage or transfer of patient data, or electronic billing), you are required to perform a risk analysis on all new EHR certified technology as well as the follow-up annual reviews. Apex understands that these involved and technical reviews are necessary but can be cumbersome for the small to mid-size practice. It is for this reason that we have put together a group of experts in this field who have the experience to do the work and to guide you through the process.
With the many variations and combinations of makeup among healthcare providers, there is no specific method that the US Department of Health and Human Services requires for these analyses and reviews. Having no definitive checklist for HIPAA compliance is frustrating to some healthcare administrators, because they know that ultimately the responsibility for the security of the EHRs falls on them. Unfortunately, because of the complex diversity of healthcare practices and institutions, a single checklist is impossible. This is where professional cyber-security firms such as Apex come into the picture and work with the healthcare administrator or owner of a small practice to ensure HIPAA compliance.
Apex recently hosted a webinar on the subject, which can be viewed here to provide more information.
Additionally, CMS put together a handy Tip Sheet that provides an overview of the Security Risk Analysis requirement. The Tip Sheet can be downloaded by clicking here.
To talk to Apex about your unique HIPAA compliance challenges, give us a call today at (800) 310-2739 or send an email to firstname.lastname@example.org. We have HIPAA experts standing by who would be glad to partner with you and take some of the stress of compliance off your shoulders.