Health Information Compliance Alert
Beef Up Your Cybersecurity With This New Tool
Hint: Calculate your practice risk and manage it. Under the provisions of the HIPAA Security Rule, covered entities (CEs) are required to safeguard patients’ protected health information (PHI). The best way to do that is to assess, analyze, and manage your practice’s compliance and cybersecurity risks. The HHS Office of the National Coordinator for Health Information Technology (ONC) released a new security risk assessment (SRA) tool that is easy to access and use, which can help you better formulate a HIPAA compliance plan that works. Background: “The tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program,” notes ONC on its website. The tool is designed to be both easy to use and intuitive. According to the ONC, some of the features of the SRA tool include: The tool is intended to be used as a sort of internal audit — your practice can assess its individual risk without having the results plastered everywhere. “All information entered into the SRA Tool is stored locally to the users’ computer or tablet. HHS does not receive, collect, view, store or transmit any information entered in the SRA Tool. The results of the assessment are displayed in a report which can be used to determine risks in policies, processes and systems and methods to mitigate weaknesses are provided as the user is performing the assessment,” ONC says. Caveat: This tool is designed to be most effective and efficient for smaller organizations. “The target audience for this tool is medium and small providers; thus, use of this tool may not be appropriate for larger organizations,” ONC says. If you used the previous version of this SRA tool — Version 2.0 — you can make small adjustments. “Note that you can’t directly transfer data from 2.0 to 3.0, but can upload certain portions (e.g., lists of assets and BAs),” ONC says. The ONC recommends downloading the former SRA Tool 2.0 and its user guide for more information. For details on how to download and use the new SRA Tool 3.0, see www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool.
Health Information Compliance Alert
- HITECH:
RFI Spells Trouble for Breached Practices in the Future
Feds look at ways to quantify HIPAA breaches — and pay patients for lost PHI. [...] - Telemedicine Roundup:
Virtual Care Goes Mainstream in 2019
Telehealth services are at the intersection of many new policies. There’s no denying that technology [...] - Cybersecurity:
Pocket This Charity Advice to Sidestep Scams
Tip: Do your research before your practice donates cash. Helping a worthy charity or bolstering [...] - Toolkit:
Beef Up Your Cybersecurity With This New Tool
Hint: Calculate your practice risk and manage it. Under the provisions of the HIPAA Security [...] - Reader Question:
Cut Down On Identity Theft With Proper PHI Disposal Protocols
Question: Our primary care practice is relocating to another office with more space, and we’re [...] - Enforcement News:
Anthem's HIPAA Settlement With OCR Biggest in History
As 2014 ended and 2015 began, private payer, Anthem, Inc., suffered the biggest HIPAA violation [...] - Enforcement News:
Ohio Implements Safe Harbor Law for Cybersecurity
In another case of the states supporting data security best practices, Ohio has upped its [...]