HIPAA Risk Analysis


Our Risk Analysis service for hospitals and other HIPAA covered entities satisfies compliance requirements set forth in the HIPAA Security Rules (45 C.F.R. §§ 164.302-318). Sera-Brynn security engineers conduct the Risk Analysis of Electronic Protected Health Information (e-PHI) on all electronic media in which it is created, received, maintained or transmitted, as well as the source or location of e-PHI as outlined in § 164.308(a)(1)(ii)(A).

We provide this service to multiple HIPAA covered entities, including hospitals, practices, and assisted living facilities.

Omnibus Final Rule

The Omnibus Final Rule was released on January 25, 2013. It went into effect on March 26, 2013. HIPAA covered entities such as hospitals, medical practices, health care providers, health systems, health plans and clearinghouses, as well as business associates and vendors who do contracted business with covered entities, have 180 days (September 2013) to become compliant.

Available Incentives

Medical practitioners (including dentists and at-home nursing organizations) who adopted electronic health records (EHR) early, in 2012, are eligible for the maximum Medicare EHR Incentive Payment Schedule of $44,000 spread over six years. 2013 adopters will receive $39,000 and 2014 adopters $24,000.

Areas designated as a “Health Professional Shortage Area” will receive an additional 10% increase on incentive payments. For instance, in Virginia, nearly all Correctional Facilities qualify.

Overview

From a security standpoint, the functional EHR database used by medical practitioners must be hhs.gov certified/approved for use. In order to meet hhs.gov requirements, the following security rules must be addressed:

Stage 1: Conduct or review a security risk analysis per 45 CFR 164.308(a)(1), implement security updates as necessary, and correct identified security deficiencies as part of the risk management process.

Stage 2: Conduct or review a security risk analysis per 45 CFR 164.308(a)(1), including addressing the encryption/security of data at rest, implement security updates as necessary, and correct identified security deficiencies as part of the risk management process.

Our Risk Analysis service for Healthcare organizations directly addresses these HIPAA Security Rules.


If you would like to learn more about our HIPAA Risk Analysis service, please contact us at 757-243-1257 or email us at info@sera-brynn.com.