Security Risk Analysis
A Security Risk Analysis is part of any HIPAA Security compliance plan and is also a Meaningful Use requirement. Note that a Security Risk Analysis needs to examine the physical, technical, and administrative safeguards over protected health information. Even if you do not have an EHR, you may still need to perform a security risk assessment. For example, an online directory containing transcription Word files is covered by the HIPAA Security standards.
However, the use of an EHR product does not address your HIPAA Security exposure. For example, even if you use an EHR service, your practice still needs administrative procedures to control access and to prohibit storing information in an unsecured environment, such as taking screen snapshots and storing the images on a personal PC or other device.
Although we have focused on the compliance issues, do not forget that a HIPAA Security or Privacy problem can affect your practice’s reputation and relationship with your patients. The recently announced settlement with Phoenix Cardiac Surgery should be a wake-up call to your practice that HIPAA Security and Privacy standards are important and that HHS will not hesitate to pursue compliance issues in smaller organizations.
To see the HHS notice, click here. To learn more about this topic you can listen to a recent podcast on the topic from my internet radio show, The EHR Zone.
This article was originally published on Avoid EHR Disasters and is used here with permission. Ron Sterling is author of the HIMSS Book of the Year Keys to EMR/EHR Success. He is a nationally recognized EHR expert with the information that you need to improve patient service and performance. For questions, he can be contacted at