Risk Evaluation and Documented Computer Security for your Healthcare or Dental Practice
The protection of patient health information falls under two congressional acts: the Healthcare Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). While most of the data protection rules fall under HIPAA, enforcement of those rules and their application to your practice's business associates fall under HITECH. Typically, everything is simply referred to as HIPAA in the interest of brevity.
View the full text of HIPAA and HITECH through these links:
The Healthcare Insurance Portability and Accountability Act (HIPAA) establishes requirements for the security of electronic Protected Health Information (e-PHI). It sounds straightforward, yet with changing technology, compliance has become a moving target.
Proof of compliance requires two basic elements:
1. Risk Analysis
2. Documented and Implemented Policies and Procedures
A Risk Analysis involves evaluating the potential risks to e-PHI and determining security measures to address these risks. Security measures must then be fully carried out and documented, with updates taking place at appropriate intervals or when changes to your practice or technology systems take place.
Potential HIPAA violations may be uncovered by a standard review of your organization or may be the result of an investigation following a complaint made to the Dept. of Health and Human Services about your organization’s practices.
Fines are imposed in four violation levels and reflect the severity of a data breach, including factors such as the number of e-PHI records affected, the kinds of records affected, and the negligence of the organization. The following penalties may be assessed:
© 2019 HIPAA Security Consulting
A wholly owned subsidiary of The MacSmith
The information provided using this website is only intended to be general summary information to the public. It is not intended to take the place of either the written law or regulations.