The requirement to complete a HIPAA Risk Assessment has been in place since the original HIPAA Privacy Rule was issued in 2003. However, very few healthcare organizations have completed such an assessment. And while enforcement of these requirements may have been slow to take shape, the Office of Civil Rights (OCR) is now aggressively pursuing HIPAA violations … and penalties are steep.
Expert HIPAA Risk Assessment
The Fox Group can assist your organization with performing a HIPAA Risk Assessment. Many organizations perform these audits internally, but an outside review can be more thorough, and the advice you receive on compliance will not be predetermined by the approach the organization has previously taken to such compliance. Don’t leave your organization subject to fines and negative publicity associated with a privacy breach, or other missteps in today’s elevated focus on HIPAA at OCR.
The Fox Group is well versed in addressing the details needed to help your organization comply with current HIPAA regulations and to set up systems that will benefit you for years to come. The following will help you to further understand your organization’s responsibility and the scope of services that we provide when engaged to complete a HIPAA risk assessment.
HIPAA, HITECH, and Meaningful Use
The HITECH Act of 2009 updated the HIPAA law, introducing several additional requirements and privacy safeguards. The Meaningful Use criteria for certified EHR technology include a specific requirement to perform a HIPAA Risk Assessment in order to qualify for the HITECH Act incentives for adopting EHR technology. This means there are two imperatives for performing a HIPAA Risk Assessment:
- The original requirement in the HIPAA Privacy Rule, and
- For healthcare organizations applying for HITECH Act EHR Meaningful Use incentives, the requirement to complete a HIPAA Risk Assessment as part of certifying the organization’s use of certified EHR technology.
Proper completion of your HIPAA risk assessment must include both Privacy and Security Rules
The HIPAA Privacy Rule refers to those standards that protect individuals’ medical records and other personal health information (PHI). They require appropriate safeguards intended to protect the privacy of PHI, and give patients rights over their health information.
Sample areas included in our HIPAA privacy rule assessment include:
The HIPAA Security Rule refers to standards intended to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate (1) administrative, (2) physical, and (3) technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
Sample areas included in our HIPAA security rule assessment include:
The Fox Group works throughout the U.S., so Contact Us and get the expert assistance that you need in order to ensure that your organization is comfortably complying with today’s HIPAA requirements. We think you’ll be glad you did.