It seems as if health care compliance and regulatory requirements are constantly changing. First, there was the Health Insurance Portability and Accountability Act (HIPAA). Now, the HITECH Act is getting more attention due to the financial incentives for automating Electronic Health Records (EHRs). Consequently, the security of EHR systems and the data they contain has become even more important for organizations that store health care data.
The HITECH Act also expands the scope of HIPAA in terms of penalties, compliance, and enforcement. Until recently, HIPAA has been laxly enforced. The HITECH Act significantly increases the exposure risk of non-compliance. The privacy and security requirements under HIPAA have also significantly expanded, as have the penalties for violations. Ensuring that your organization complies with HIPAA requires understanding and implementing the various rules. The area of HIPAA most closely related to information security is the security rule. Security rule compliance revolves around documentation and policies.
Here are examples of areas with which SeNet can assist your organization to comply with the security rule:
- Risk Analysis – Security rule Section 1.1 calls for a risk analysis. This is also required as item 25 in the list of HITECH meaningful use requirements. A risk analysis should be the starting point for any security implementation process. SeNet has a software solution that will allow you to conduct a standards-based risk analysis quickly and efficiently.
- Risk Management – Security rule Section 1.1 also mandates a risk management program. SeNet can help clients develop a risk management program based on the results of the risk analysis and their available resources. The plan should address the most critical risks first, followed by other items as resources allow.
- Education and Training Programs – Security rule Section 1.5 requires formal education and training programs for staff members. SeNet can help clients develop a program that is appropriate to their organization, level of complexity, and resources. The best technological controls will be useless if the staff is ignorant of security issues and responsibilities.
- Contingency Plan – Security rule Section 1.7 states that practices must have a contingency plan that includes data backups, disaster recovery, emergency mode procedures, etc. It is important for practices, or any business, to have robust plans and procedures to deal with emergencies such as data loss, equipment theft, and other important issues.
- Technical Safeguards – Security rule Section 3 outlines the necessary technical security controls. SeNet can work with practices to meet the minimum necessary technical controls that are appropriate for their organization. As you know, technical safeguards are where the “rubber meets the road.” SeNet can advise clients on what technologies are appropriate for their organization and how they should be implemented in a timely, cost-effective manner.
Depending on the development stage in your HIPAA and overall information security roadmap, SeNet can assist in several ways, from performing a simple computer security “checkup” to performing complete, comprehensive HIPAA assessments and EHR integration and security testing. SeNet is a leading company in the field of information security and provides these services to many organizations, including the Department of Health and Human Services (HHS).