Risk Watch for Total HIPAA Compliance
HIPAA Compliance Starts with a Risk Analysis
The Office of Civil Rights said, “Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the Security Rule.”
“Therefore, a risk analysis is foundational, and must be understood in detail before OCR can issue meaningful guidance that specifically addresses safeguards and technologies that will best protect electronic health information.”
DHH-OCR-July 2010
RWI offers software programs and services that simplify the HIPAA Risk Analysis with:
- Web-based Surveys for users who handle ePHI
- Project Plans
- Sophisticated analysis algorithms
- Includes Corrective Action Plan template
- End to End Risk Analysis Conducted as a Service
HOT LINKS:
HHS Appoints Contractor to Conduct HIPAA Privacy and Security Audits
HHS-OIG Report on HIPAA Vulnerabilities
Mass General Fine & Corrective Action Plan
HIPAA SOFTWARE
The HIPAA Security and Privacy Rules establish national standards for protection of medical records and PHI (Protected Health Information). Every hospital, health plan, clearinghouse, physician practice, business associate and ANY organization that holds or manages health information has to conduct a Risk Analysis, according to the guidelines issued in 2010 by the Office of Civil Rights (OCR).
The OCR made clear that it considers the Risk Analysis to be the foundation document that regulators will use to assess compliance with the HIPAA standards, including not only the Security and Privacy rules, but also NIST Special Publication 800-66, which gives additional guidance on how to handle, manage and protect individual health information. They also use the Risk Analysis to validate the organization’s choice of relevant safeguards (controls).
“Meaningful Use” Regs for Electronic Medical Records
The final regulations (864 pages) on what will constitute “meaningful use” of electronic medical records are now here. And the changes they include make it easier for hospitals and doctors to qualify next year for the first round of incentive payments for adopting Electronic Medical Records (EMRs). As part of the stimulus package passed last year, up to $27 billion will be paid out by the Centers for Medicare and Medicaid Services over 10 years to providers that meet a series of requirements for EMR use. A Risk Assessment is also required for “Meaningful Use”.
The HIPAA Security Rule
Many healthcare providers have not paid close enough attention to the actual requirements of the HIPAA Security Rule. In addition to covered entity providers that must comply with the security regulations, business associates that have not implemented the requirements of the HIPAA Security Rule must also do so, thanks to the HITECH Act. The newest OCR guidance focuses on the first step in identifying and implementing safeguards consistent with the HIPAA Security Rule. According to OCR, "the guidance is not intended to provide a one-size-fits-all blueprint for compliance with the risk analysis requirement. Rather, it clarifies the expectations of the Department for organizations working to meet these requirements." We encourage providers and business associates to review the guidance, because the HIPAA Security Rule emphasizes that the risk analysis process is a key element in achieving compliance with the regulatory requirements and that it is an ongoing, evolving process.
Download - The NEW OCR Draft Guidance
Download - Piedmont Hospital Audit
TRAINING
Online Training: http://www.ecfirst.biz/onlinetraining.html
Certified HIPAA Administrator™ (CHA™)
The Health Insurance Portability and Accountability Act (HIPAA) is about insurance portability, fraud, and administrative simplification. In this 3-course HIPAA Administrator boot camp we examine the impact of the legislation from the perspective of end users, such as nurses and administrators, responsible for delivering and supporting health-care related services.
Certified HIPAA Professional (CHP)
The Health Insurance Portability and Accountability Act (HIPAA) is about insurance portability, fraud, and administrative simplification. In this HIPAA training we examine the basics of the Administrative Simplification portion of the HIPAA legislation. We examine HIPAA Transactions and Code Sets, Identifiers, Privacy and Security. It is this provision of the HIPAA regulation that is the watershed legislation for health-care information systems.
Certified HIPAA Security Specialist™ (CHSS™)
A core aspect of the Health Insurance Portability and Accountability Act (HIPAA) is to secure electronic medical records. The Certified HIPAA Security Specialist training examines all defined HIPAA security specifications and identifies options and solutions available to secure health care entities. The flow and content of the HIPAA security compliance training account for the three security domains defined within the HIPAA Security Rule. The HIPAA security domain topics are addressed in the context of the required implementation specifications and associated security technologies and policies. Each lesson focuses on health care examples, templates and solutions that will be valuable as your organization considers options to secure the enterprise.
Certified Security Compliance Specialist™ (CSCS™)
The CSCS™ Program is the first and only program in the world that provides a comprehensive treatment of major information security regulations and standards. The Certified Security Compliance Specialist™ (CSCS™) credential is a job-role based designation. This program is designed to enable professionals to understand, prioritize and ultimately assist organizations in achieving compliance with information security-based regulations.
Instructor-Led Training: http://www.ecfirst.biz/hitrsc.html
Schedule:
September 14-17 Lombard, IL
October 19-22 Newport Beach, CA
December 7-10 Orlando, FL
Certified HIPAA Professional (CHP)
This Certified HIPAA Professional certification training helps you better understand HIPAA's Administrative Simplification Act as well as how to create a framework for initiating and working towards a blueprint for HIPAA compliance. From this boot camp you will learn the following about HIPAA:
- Understand why HIPAA requirements will cause significant changes in policies, procedures and processes within the organization in the handling of patient records.
- Examine how implementing HIPAA will affect the way healthcare entities organize and staff to achieve and monitor compliance with patient privacy/confidentiality needs.
- Step through qualifications and positioning strategies for a Chief Privacy Officer and requirements for a Chief Security Officer.
- Learn why HIPAA compliance is better focused as a business issue than as an IT issue, although IT will play a major role in implementing compliant systems.
- Review specific requirements and implementation features within each security category.
Step through how to plan and prepare for HIPAA compliance. HIPAA is about awareness first, assessment second and finally action focused on gaps identified.
Certified Security Compliance Specialist™ (CSCS™)
The CSCS™ Program is the first and only program in the world that provides a comprehensive treatment of major information security regulations and standards. You can expect to learn and understand core requirements of the following from the CSCS™ program:
- ISO Standards including 27001, 27002, 27799
- PCI DSS
- COBIT Security Baseline
- FISMA
- HIPAA
- U.S. State Regulations on Information Security
- FACTA, Red Flag Rules – Identity Theft
RESOURCES
Security Policy Templates: http://www.ecfirst.biz/insepote1.html
The ecfirst security policy template documents can be easily customized to meet the specific requirements of any type of organization.
Please review the outline of HIPAA Security policy templates that may be licensed for use to address requirements of the HIPAA Security Rule.
Security Policy Sample
Click here to view InfoSec Policy Templates Index in PDF
CONSULTING
Assistance with your Risk Analysis and Breach or Meaningful Use Assessments
RWI can assist you in conducting your HIPAA Risk Analysis or Breach and/or Meaningful Use Assessment. Our highly trained HIPAA experts not only know the HIPAA rules and the healthcare environment, but they also know how to conduct a fast, comprehensive risk analysis using the famous Risk Watch software. Whether you need the entire assessment done for you in less than two weeks, or just a few hours of online help, our team can also help with:
- Developing Policies, Practices & Procedures
- Education and Training Programs for your staff
- Staff Education and Training
- Creation of a Corrective Action Plan customized for your organization
- Penetration Tests and automated Vulnerability Scans
- On-going HIPAA project management and coordination







