Privacy & Security Guidance
Privacy and Security Risk Assessments by healthcare providers are required by law and ultimately in the best interest of provider and patient alike.
On March 26, 2013, the HIPAA Privacy and Security Final Rule (HIPAA Omnibus Rule) brought forth significant changes. Additionally, the Office of Civil Rights (OCR) implemented random Meaningful Use audits to ensure that organizations are compliant with the HIPAA Security Rule.
One of the Core Objectives that Eligible Professionals (EPs) must meet under the Medicare and Medicaid Electronic Health Record Incentive Program is to “Protect electronic health information created or maintained by the certified EHR through the implementation of appropriate technical capabilities” (42 CFR 495.6(d)(15) (2010)). In order to meet this core objective of protecting ePHI, an organization must “conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.”
Meeting and attesting to the completion of these measures is required to receive Meaningful Use incentive payments.
RI-REC staff provides guidance in this area with the RI-REC Privacy and Security Toolkit. The Toolkit contains up-to-date information on the latest guides and checklists to help you perform a self-guided Risk Analysis. Additionally, Premium and Premium Plus members can get the assistance of a dedicated Relationship Manager who can help you coordinate proposals from Privacy & Security vendors to conduct a comprehensive security risk analysis, as well as craft policy and develop procedures.
Refer to our Privacy & Security Guidance Resources page.