MedTECH Consulting Solutions can assist your organization with performing a HIPAA Risk Assessment. Many organizations perform these audits internally, but an outside review can be more thorough, and the advice you receive on compliance will not be predetermined by the approach the organization has previously taken to such compliance. Don’t leave your organization subject to the fines and negative publicity associated with a privacy breach or other missteps, given today's elevated focus on HIPAA at OCR.
MedTECH Consulting is well versed in addressing the details needed to help your organization comply with current HIPAA regulations and to set up systems that will benefit you for years to come. The following will help you to further understand your organization's responsibility and the scope of services that we provide when engaged to complete a HIPAA risk assessment.
HIPAA, HITECH, and Meaningful Use
The HITECH Act of 2009 updated the HIPAA law, introducing several additional requirements and privacy safeguards, and the Meaningful Use criteria for certified EHR technology include a specific requirement to perform a HIPAA Risk Assessment in order to qualify for the HITECH Act incentives for adopting EHR technology. This means there are two imperatives for performing a HIPAA Risk Assessment:
The original requirement in the HIPAA Privacy Rule, and
For healthcare organizations applying for HITECH Act EHR Meaningful Use incentives, the requirement to complete a HIPAA Risk Assessment as part of certifying the organization’s use of certified EHR technology.
Proper completion of your HIPAA risk assessment must include both Privacy and Security Rules
The HIPAA Privacy Rule refers to those standards that protect individuals’ medical records and other protected health information (PHI). They require appropriate safeguards intended to protect the privacy of PHI, and give patients rights over their health information.
Sample areas included in our HIPAA privacy rule assessment include:
Privacy & Confidentiality
Notice of Privacy Practices
Marketing/Fundraising/Sale of PHI
Minimum Necessary Rule
Access to PHI
HIPAA Compliance in Front and Back Office, and by Providers
Business Associate contracting activities and BA Agreements in use
The HIPAA Security Rule refers to standards intended to protect individuals’ electronic protected health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate (1) administrative, (2) physical, and (3) technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
Sample areas included in our HIPAA security rule assessment include:
Facility Security Plan, including access controls and maintenance/repairs
Workstation Use/Security Policies and practices
Policies and Procedures for Device and Media
Technical (administrative) policies to manage PHI access (User ID, Emergency Access, Auto Log-off, Encryption)
Audit Controls, Integrity, Authentication (PHI and Person)
Transmission Security (Integrity and Encryption)
Breach Notification Plan/Procedures
MedTECH Consulting works throughout the U.S., so Contact Us and get the expert assistance that you need in order to ensure that your organization is comfortably complying with today's HIPAA requirements. We think you'll be glad you did.