The requirement to have a completed HIPAA Risk Assessment has been in place since the original HIPAA rules took effect in 2003. Even so, very few healthcare organizations perform one. Meanwhile, the Office for Civil Rights (OCR) is now aggressively pursuing HIPAA violations, and the penalties are steep.
Corporate Software Management (CSM) can perform a HIPAA Risk Assessment.
Even if you perform risk assessments internally, an outside review can be more thorough, and the advice you receive may help you see current practices and procedures in a new light. Don't risk the fines and negative publicity associated with a privacy breach, or with other missteps, now that OCR has placed an elevated focus on HIPAA enforcement.
CSM can help your organization comply with current HIPAA regulations and set up systems that will help protect you for years to come.
The HITECH Act of 2009 updated the HIPAA law and introduced several additional safeguards. In addition, the Meaningful Use criteria for certified EHR technology include a specific requirement to perform a HIPAA Risk Assessment in order to qualify for the HITECH Act incentives for adopting EHR technology. There are therefore two sources of the requirement to perform a HIPAA Risk Assessment:
1. The original requirement in the HIPAA Security Rule, which obliges every covered entity to conduct a risk analysis of its electronic protected health information.
2. For healthcare organizations applying for HITECH Act EHR Meaningful Use incentives, the requirement to complete a HIPAA Risk Assessment as part of attesting to the organization's meaningful use of certified EHR technology.
Proper completion of your HIPAA risk assessment must address both the Privacy Rule and the Security Rule. The HIPAA Privacy Rule refers to the standards that protect individuals' medical records and other protected health information (PHI). It requires appropriate safeguards intended to protect the privacy of PHI, and it gives patients rights over their own health information.
The HIPAA Security Rule includes standards intended to protect individuals' electronic protected health information (ePHI) that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate (1) administrative, (2) physical, and (3) technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information.