Meaningful core measure 15 states that a security risk assessment must be performed each reporting period, and appropriate security updates installed to protected health information. Many healthcare providers and hospitals are finding that may be easier said than done. The Department of Health and Human Services' (DHHS) requirements for ensuring privacy and security of protected health information is at best complex.
The need to share
Effectively treating patients requires sharing protected health information between healthcare providers. For instance, an elderly patient suffering from shoulder pain may be sent to a specialist for treatment. Having the ability to compare new x-rays with ones already taken would help the doctor diagnose and treat the problem. When the information needed is protected information belonging to another healthcare provider, even within the same facility, it can cause an issue. Getting the necessary information to the new doctor without breaching patient privacy is paramount.
Compliance
For the IT healthcare professional, ensuring that all the steps are taken for protecting privacy and improving security can be time-consuming. Routers, web servers, Smartphone’s, tablets and laptop computers must be safeguarded to prevent the unauthorized disclosure of healthcare information. Often the IT department is understaffed and over tasked. Assigning a dedicated full-time IT position to maintain safeguards may not be feasible.
Risk Assessment
Engaging in a security HIPPA risk assessment under HITECH, Meaningful Use, HIPAA and Omnibus Rules can be overwhelming. The complexity of these reporting period assessments only increases with the complexity of the facility. However, a small practice may not have the resources for a dedicated IT professional. It may fall to staff members to perform the IT risk analysis. Even if IT professionals are available, performing a risk assessment and ensuring compliance with all standards can stretch manpower to the limits.
Finding balance
The question becomes establishment of a system that effectively maintains compliance with the reporting requirements. This becomes a more pressing concern if non-IT personnel must complete the audit and submit reports. The answer for many healthcare facilities may be with software. A software package that is scalable, user-friendly and that meet legal requirements can help the healthcare provider to protect the privacy and security of patient health information.
Business Address:
The Compliancy Group LLC.
55 Broadway Unit 684
Green lawn, NY 11740
Phone No855)854-4722
Fax :((631)731-1643
[email protected]
http://www.compliancy-group.com
###