Updating HIPAA compliance in an age of data breaches

HIPAA ComplianceRecent data breaches at some of the country’s major healthcare organizations have prompted the Office of the National Coordinator for Health IT (ONC) to update its 2011 version of its Guide to Privacy and Security of Electronic Health Information.

The new guide, says the ONC, is specifically geared toward those providers who are “eligible professionals” under the Meaningful Use regulations, but it also is applicable to all HIPAA-covered entities or business associates

The goal of the new guide is to enable providers to “better understand how to integrate federal health information privacy and security requirements into their practices,” according to the ONC.

In addition to providing summaries of the HIPAA Privacy, Security and Breach Notification Rules, the guide also provides answers to a number of questions relating to patient information, disclosures, authorizations, patients’ rights and how HIPAA interacts with state law.

Included in the guide is a sample of a seven-step approach for implementing a security management process:

Step 1 – Lead your culture, select your team, and learn

Step 2 – Document your process, findings, and actions

Step 3 – Review existing security of electronic Protected Health Information (ePHI) (i.e., perform a security risk analysis)

Step 4 – Develop an action plan

Step 5 – Manage and mitigate risks

Step 6 – Attest for Meaningful Use security-related objective

Step 7 – Monitor, audit, and update security on an ongoing basis

The guide provides additional information on how to implement each of the steps. Recommendations include designating a security officer(s), promote a culture of protecting patient privacy and document, document, document!

“Basic cybersecurity practices are needed to protect the confidentiality, integrity, and availability of health information in the EHR system. These protections are essential whether the EHR is installed on a server in your office or hosted on your behalf by a developer over the Internet,” the guide states.

HIPPA for the complete guide

The Health Law Offices of Anthony C. Vitale assists clients with HIPAA compliance issues. Give us a call to discuss your individual needs.

Material presented on the Health Law Offices of Anthony C. Vitale's website is intended for information purposes only.

It is not intended as professional advice and should not be construed as such.