HIPAA COMPLIANCE CONSULTING
Avoid Fines - HIPAA random audits are ongoing and increasing
Protect the Practice from Data Loss and, most of all, Protect the Confidentiality of your Patients
Help the practice comply with Stage 2 Meaningful Use requirement for privacy and security
Increase Patient Satisfaction through Privacy Right Protection
EXPERIENCED CONSULTING & SOLUTIONS
Identify all computer hardware, software and patient data (PHI). This involves quantifying the location, type and quantity of patient data.
Evaluate technical security capabilities in place, such as passwords, encryption, firewalls and audit logging, usually based on interviews with computer support personnel. For larger practices and networks, a vulnerability scan can be performed.
Review administrative processes in place, such as employee background checks, employee termination procedures and employee discipline.
Prepare a risk analysis report, which includes commentary on all 42 HIPAA Security implementation specifications, with corresponding risk levels based on the security measures in place and prioritized corrective action recommendations.
HIPAA COMPUTER SECURITY RISK ASSESSMENT
HIPAA Security Risk Assessment Specialists for the Healthcare Industry
The HIPAA Computer Security Risk Analysis is a mandatory requirement of the HIPAA Security rule. The rule states that a Computer Security Risk Analysis should be completed periodically and that deficiencies should be corrected. Although a Risk Analysis can take many forms, we at MedTech Solutions believe that it is important to do a detailed review of the security and procedures in place for our Clients to ensure that they are not only compliant, but also protected from loss or breach of data. Although the Risk Analyses we provide at MedTech Solutions are comprehensive, we utilize customized procedures based on the type of client we are working with.
The Computer Security Risk Analysis is also an essential part of the Privacy and Security Objective of Meaningful Use. MedTech Solutions provides Risk Analysis services to meet this objective.
For this risk analysis, MedTech Solutions uses the methodology specified in NIST SP 800-30, which is the only approach explicitly mentioned in the HIPAA Security rule as appropriate.
For smaller practices, this risk analysis can be conducted remotely. For larger practices, an on-site review is recommended.
This assessment is required by the modified Stage 2 Meaningful Use, for the Privacy and Security Objective #1. The new Advancing Care Information Performance Category of the Merit-based Incentive Payment System (MIPS) replaces Stage 2 Meaningful Use in 2017. However, the performance category retains the Protecting Patient Health Information Objective that requires a risk analysis.
The Meaningful Use requirement also discusses a Security Management Process. Simply put, the “Security Management Process” consists of the following: A) Conduct a risk analysis, B) Implement security fixes to correct deficiencies, and C) Repeat. To fulfill the Meaningful Use requirement, you must do both A and B.
The EHR software you purchased and its “Meaningful Use Dashboard” show no details about this objective, since the software has no way of knowing if you meet the requirements of this objective.
For more information regarding the risk analysis and the HIPAA requirements, see the posts “Achieving Meaningful Use Stage 1 for Privacy and Security” and “45 CFR 164.308(a)(1), 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3) Explained”.
By choosing MedTech Solutions' service, physicians can attest with confidence and without worry in the event that they are selected for a government Meaningful Use audit. As of 2016, the Office for Civil Rights found that in the first round of audits, 54 percent of those audited were noncompliant with some portion of the Privacy Rule. In this initial round, the Office for Civil Rights was mostly concerned about hospitals and individual providers.