You may want to take a moment to read this article immediately below when it’s convenient for you…
A Wake-up Call on the Security Rule | Journal of AHIMA
The article entitled “A Wake-up Call on the Security Rule” from the Journal of AHIMA” provides important background information about why organizations need to become and remain compliant with the HIPAA Security Final Rule, the HIPAA Privacy Final Rule and the “teeth” put into both by The HITECH Act.
As the title suggest, the article focuses on Security and discusses both a security compliance assessment AND a security risk analysis. There’s much confusion about them, hence my blog post of a couple of weeks ago: “HIPAA Security Evaluation – HIPAA Risk Analysis: Explained”
Some of the more salient points in the article:
· Susan McAndrew, OCR deputy director for privacy (at OCR), said that OCR spent its first year mainly getting acquainted with security enforcement. This year, she said, would be the year OCR moves security enforcement to the forefront of its efforts.
· OCR has added investigators in 10 regional OCR offices with the expectation to conduct more HIPAA security compliant investigations and compliance reviews.
· OCR also has the ability to also conduct random security rule compliance audits at covered entities.
· Being prepared for a HIPAA security rule compliance audit—either conducted at random by OCR or triggered by a security breach incident—has never been more important.
· “Risk analysis and risk management are really the key … to prepare for an OCR security audit,”
· The threat of increased fines and enforcement is not the only reasons healthcare organizations should reevaluate their HIPAA security risk analyses. The HITECH “meaningful use” incentive program…explicitly calls for organizations to conduct and document a risk analysis and implemented security controls”
Remember… although the official translation of HITECH = Health Information Technology for Economic and Clinical Health, for most Covered Entities and Business Associates it means “Hey It’s Time to End Your Compliance Holiday”…
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.