If you have Patient Health Information (PHI, or ePHI) then you need to protect it. It’s as simple as that. You need to know how to protect it and what the requirements are. DCF will perform a Security Risk Analysis that will meet the core requirement 15 for Meaningful Use under the HIPAA Security Rule.
HIPAA Security Rule
§ 164.308(a)(1)(ii)(A) Security Risk Analysis (required) “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the covered entity.”

Discovery Computer

In order to meet the requirements for Stage 1 meaningful use, you are required to have a HIPAA security risk assessment performed at your practice each time you attest to meaningful use. If you checked the box “yes” on your attestation, and have not had this completed, you will need to have the assessment done on your practice. This is a very comprehensive process that not only assists you in being compliant but should also be considered “best practice” for any medical entity.

If you are wondering why you should do this, the quick answer is, it is the LAW. As with any law, fines and penalties will apply. Many websites, including HHS.gov, the AMA, etc. are filled with HIPAA laws and requirements. Sorting through, understanding, and implementing all of these laws and what is required of you can be quite challenging. Because of this, DCF has created a comprehensive plan to make sure you are in compliance with every HIPAA security rule.

SECURITY RISK ASSESSMENTS?

If you do not do the HIPAA security risk assessment, and you still receive the incentive money, that doesn’t necessarily mean you “got away with it”. At any time, the ONC can perform audits, which can result in having to pay back any incentive money you received. Don’t risk it. Have the HIPAA security risk assessment done.

DCF will perform a comprehensive HIPAA security risk assessment at your practice to help you protect your electronic health information.  We have the proper tools to take a comprehensive look at the way you are securing your ePHI.  If any issues are discovered, we can easily provide the remediation, making sure you are HIPAA compliant, and that your ePHI is safe and secure.

The Audits are coming.  Don’t get caught without your HIPAA Risk Assessments.