Secure your ePHI with our guaranteed HIPAA Security Risk Analysis Programs
Self Assessment
On-Site Services
We simplified, clarified and captured the HIPAA Security Risk Analysis process into a step-by-step SAAS solution so that internal clinic staff can use it: simple, automated and affordable.
HIPAA Security Risk Analysis Improves Revenue
Progressive-thinking, pragmatic medical decisions with happy patients are always the #1 goal. Staff will have a better sense of their responsibilities around handling patient disclosure situations. The obvious benefits from this strategy are more patients, fewer problems and better results through less F.U.D. (Fear, Uncertainty and Doubt).
A good HIPAA Security Risk Analysis will involve the "silos" of administrative departments, physicians and support staff, helping mature processes, workflows and planning. Here is an example of a Current Medical Planning Cycle:
To streamline and improve revenue, an integrated approach will help bring privacy and security into the group's culture. This increase in staff confidence helps increase patient demand for medical services. Here is an example of our methodology in the HIPAAOne Medical Planning Cycle:
In our experience working with our clients and professionals across Healthcare disciplines, we are finding the following current issues:
Problem: Breaches affect patient care
Have you ever been notified of a Healthcare breach? Were your children or relatives included in the list of people who may have had their identities stolen as a result of your Doctor's Office, Group Health Plan, or other Health Organization's loss?
Did this raise anxiety and awareness of how vulnerable our information really is?
The truth is that an anxious patient is an unhappy patient. Having patients who are unhappy or showing depressive symptoms because they must deal with the fallout from losing their identities, in addition to their illness, is not good for patient care.
Do the HIPAA Security Risk Analysis and reassure your patients they can rest easy knowing their, and their family's, health information is secure.
Problem: Breaches increase Healthcare costs
2012 was the first year of HIPAA Security enforcement. The impetus to improve the security of our patient data must be more than costs; however, this industry has no enforcement watchdog other than the Office of Civil Rights (OCR).
Fines imposed are up to $50,000 per violation (could be HIPAA violation or record breached), up to $1.5M per year. Cases are triggered by self-reported breaches and patient "Whistleblower" complaints. HHS/OCR and State Attorneys General (SAG) both have authority to investigate and pass judgment without jury.
These fines have been issued for small clinics, Hospitals, large Practice Groups, Health Plans and Business associates. It is apparent 2013 is going to be a year of greater enforcement.
Preparing your organization with a proper HIPAA Security Risk Analysis program can decrease your chances of a breach-related fine and keep your assets on the balance sheet.
Problem: HIPAA Security Analysis Spreadsheets and HSR Toolkits are inadequate
Most Covered Entities lack the financial resources and in-house Security specialists to conduct a bona-fide HIPAA Security Risk Analysis (SRA). Regional Extension Centers have extensively improved the Federal HIPAA SRA spreadsheets, implying they are inadequate in their given form. When Leon Rodriguez, head HIPAA enforcer from the ONC, responded to a question from Steve Marco at the recent "2012 Annual ONC Meeting" in Washington, D.C. regarding fine settlements where an inadequate SRA was cited, and if those entities used these spreadsheets, he answered, "...Yes, some of them did use the spreadsheet...".
Let's face it, the SRA spreadsheet was designed with the best intentions as an aid to the "Voluntary HIPAA Compliance" effort for Stage 1. Spreadsheets are grossly inadequate for Stage 2 and do not provide real value or protection against the increasing trends of ePHI data loss and breach-related fines.
The EMR revolution focuses on functionality, not security. Our ePHI records are the most vulnerable repositories of patient identifiable information in the United States. In a day and age where identity theft is running rampant, not even babies are safe from identity-theft predators perpetrating fraud. It is time to do better, time to use common sense and basic security principles to secure the data to ensure only authorized people have access to it, and that it is available and held confidential.
Please click on the HIPAAOne tab at the top of this page to learn more (and watch our 2m:49s video introduction).
Preparing for an Audit
Though there are countless precautions one can take to comply entirely with HIPAA regulations, HIPAA audits still happen. Any number of things can trigger one, and despite the panic and second-guessing that happen after one has been notified, there are actually several ways of handling a HIPAA audit that will protect a physician or practice.
To start with, be sure a formidable security system is in place. Everyone with access to the HIPAA PHI should have a unique password. A log that records who accessed the database and when will be a valuable tool during an audit. It will also be a helpful resource for in-house information. Since a breach of PHI is a common cause of an audit, this information is going to be vital to passing an audit. Programs to encrypt the PHI database are a good investment just to minimize possible violations.
Back up every document and have them readily available. Many physicians choose an external company that is charged with keeping the pertinent documentation filed and protected in case of an audit. Having all of the information available can make an unexpected audit go smoothly. Everyone in your practice must be available for questions and any help the auditors may require. Compliance in every way is key to passing a HIPAA audit.