|
Word of the Day: Site VisitA scheduled three- to five-hour visit at a location determined by the vendor and host site that allows the practice purchasing the same software to see… |
|
Red Flags Rules Compliance Countdown: 1 dayOne day left until the May 1, 2009 Red Flags Rule compliance deadline. |
|
|
Get Your Team Prepared for the EHR, Part ThreeDon’t know what EHR to purchase? An environmental scan will help you select your EHR software and establish the roadmap for implementation. No plan? Not good. An assessment (scan) helps you identify what you know, and don’t know, and then helps you determine which vendor(s) meet your budget, specialty, organizational culture, geography, quality reporting for ARRA Stimulus incentives, and so much more. Here’s how to do it. |
|
|
Word of the Day: Evidence-Based Practice CenterInstitution contracted under Agency for Healthcare Research and Quality (AHRQ) to develop evidence reports and technology assessments on topics… |
|
|
Facility Access Controls: Maintenance Records-What to Do and How to Do ItThe Security Official is responsible for ensuring that this implementation specification is in place. The Security Official should create and maintain a log and a description of repairs or modifications made to the covered entity’s physical security components. The log should document in writing any action taken in that regard. The Security Rule requires that that log be maintained for a period of six years after completion of each maintenance action regarding physical security. The log may be maintained in electronic format, but the log retention time requires that electronic logs be routinely backed up. |
|
|
Red Flags Rules Compliance Countdown: 2 daysTwo days left until the May 1, 2009 Red Flags Rule compliance deadline. |
|
|
Word of the Day: PHRThe health care consumer’s health information record, which they own and manage… |
|
|
Facility Access Controls: Access Control and Validation Procedures-What to Do and How to Do ItThe Security Official is responsible for ensuring that this implementation specification is in place. The covered entity should establish a plan that identifies who controls access to the covered entity’s facility, and which persons have authorized access to software and systems that contain electronic protected health information. In most covered entities, the plan will define access based on function and need. Again, function and need will be outcomes of the risk analysis, and will be inputs to workforce members’ job descriptions that are part of the Security Rule’s Administrative Safeguard Procedures. Scalability is a factor in determining function and need, as covered entities with small workforces may have broader function and need assignments than large covered entities with workforce members who specialize in narrower tasks. |
Syndicate this site
Sign up for email updates
Follow HIPAA.com on Twitter
