HIPAA Compliance is Confusing and Laborious…

IF You Don’t Know What You Are Doing.

We Know What We are Doing…

and Created a System to Simplify Everything.

Security Risk Assessments and Private Practice Physicians

The requirement to complete a HIPAA Security Risk Assessment has been in place since the original HIPAA Privacy Rule was issued. However, very few private practices have completed such a risk assessment. Meaningful Use is now also being used to drive HIPAA compliance, and while enforcement of these requirements may have been slow to take shape, the Office for Civil Rights (OCR) is now aggressively pursuing HIPAA violations, and penalties are steep.

Yet, as a private practice physician, you have a practice to run and patients to see. HIPAA compliance adds yet another thing for you to deal with.

Still, it is your responsibility to comply.

Experts in HIPAA Risk Assessments

Med Tech USA can assist your organization with performing a HIPAA Security Risk Assessment. Some private practices perform these audits internally, but an outside review will be more thorough. Plus, the advice you receive on compliance will not be predetermined by the approach your organization has previously taken. Don’t leave your practice subject to fines and negative publicity associated with a privacy breach, or other missteps in today’s elevated focus on HIPAA at OCR.

Med Tech USA is highly experienced in addressing the details needed to help your organization comply with current HIPAA regulations. We help private practices set up systems that will benefit you for years to come. The following will help you to further understand your organization’s responsibility and the scope of services that we provide when engaged to complete a HIPAA risk assessment.

HIPAA, HITECH, and Meaningful Use

The HITECH Act updated the HIPAA law, introducing several additional requirements and privacy safeguards, and the Meaningful Use criteria for certified EHR technology include a specific requirement to perform a HIPAA Security Risk Assessment annually in order to qualify for the HITECH Act incentives for adopting EHR technology. This means there are two imperatives for performing a HIPAA Risk Assessment:
  • The original requirement in the HIPAA Privacy Rule, and
  • For healthcare organizations applying Meaningful Use incentives, the requirement to complete a HIPAA Security Risk Assessment as part of certifying the organization’s use of certified EHR technology.

Proper completion of your HIPAA risk assessment must include both Privacy and Security Rules

The HIPAA Privacy Rule refers to those standards that protect individuals’ medical records and other personal health information (PHI). They require appropriate safeguards intended to protect the privacy of PHI, and give patients rights over their health information.

Sample areas included in our HIPAA privacy rule assessment include:

  • Privacy & Confidentiality
  • Notice of Privacy Practices
  • Marketing/Fundraising/Sale of PHI
  • Minimum necessary Rule
  • Disclosures
  • Employee Training
  • Access to PHI
  • Business Associate contracting activities and BA Agreements in use, and much more…

The HIPAA Security Rule refers to standards intended to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

Sample areas included in our HIPAA security rule assessment include:

  • Security Management
  • Worker Sanctions
  • Security Responsibilities
  • Workforce Clearance/Termination Procedures
  • Authorization and Supervision of Access to ePHI
  • Isolating Health Care Clearinghouse Functions
  • Log-in Monitoring
  • Password Management
  • Security Incidents
  • Protection from Malware
  • Security Awareness Training/Security Reminders
  • Risk Analysis/Vulnerability Assessment
  • Contingency Planning

“All of that is well and fine,” you say?

I know. You really don’t give a hoot about all of these details. What you want is the quickest, simplest, most cost-effective way to ensure your practice functions in a HIPAA compliant manner.

Yep, We Get That.

And…This is Exactly What We Do.