HIPAA Compliance

What should you expect from your HIPAA Security Official?

March 3, 2009 · Security

HIPAA’s Security Rule requires covered entities to designate one person to be responsible for the development and implementation of policies and procedures that safeguard electronic protected health information. Nearly all organizations have implemented measures to manage privacy in oral, written, and electronic media. However, as healthcare organizations and their business associates, inspired by the HITECH Act (stimulus package), respond to forthcoming financial incentives to adopt electronic health record (EHR) software, the need to beef up security measures grows. So what should you look for in your Security Official? For starters, you need someone who understands clinical and billing workflows, recognizes that in the past some clinicians have communicated with patients via unsecure email such as AOL, Yahoo!, and Comcast, and is also skilled at shouldering broad responsibility while delegating assignments. Here, we’ve updated the Get-Started plan originally published in HIPAA Plain & Simple (AMA) to include the following criteria.

What to Do

Conduct a risk assessment to determine the practice’s security safeguards and vulnerabilities.

How to Do It

As you go through your risk assessment, assign a value from 1 to 5 to each risk. Risks receiving a “1” value are probably low, but still need attention; a risk given a “5” rating means the event, such as theft, a break-in at the offices, fire, or weather damage, has happened at least once and is likely to happen again.

For those risks given a 3 or 4 rating, assign an owner or owners to manage them. For example, suppose you’ve decided to purchase EHR software and will be purchasing new tablets for all the clinicians. Without even consulting a risk assessment, you can already build a list of potential problem areas, such as theft, malicious software, or damage from dropping. HIPAA’s physical safeguard standard (45 CFR 164.310(b)) requires that you implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation that can access electronic protected health information.

You not only want to safeguard protected health information, you also want to safeguard your investment. The owners of this physical safeguard could be a lead physician, a nurse, and a lab technician.

If you are the Security Official and have any concerns about your responsibilities, or if you’d like a copy of our risk assessment, give us a call or send us an email. We’re here to help.

Tags: EHR, electronic health record, HIPAA, HITECH Act, Security Official, stimulus package