Spacer
BlaineAS824
Spacer
PresentBannerCU724
Spacer
PMbannerE7-913.jpg 		PCCFX723
Podiatry Management Online


Facebook

 Podiatry Management Online
Podiatry Management Online

Home
Podiatry Management Online
CME
Podiatry Management Online
PM News
Podiatry Management Online
Classified Ads
Podiatry Management Online
PM Magazine
Podiatry Management Online
Highlights from
Current Issue
Podiatry Management Online
Highlights from
Recent Issues
Podiatry Management Online
Diabetes/Wound
Management
Podiatry Management Online
Practice Management
Podiatry Management Online
Biomechanics/Footwear
Sports Podiatry
Podiatry Management Online
Clinical Innovations
Podiatry Management Online
Profiles and
The Clinical Forum
Podiatry Management Online
Buyers' Guide
Podiatry Management Online
Annual Survey Report
Podiatry Management Online
New Products & Services
Podiatry Management Online
Archives
Podiatry Management Online
Sponsors
Podiatry Management Online
Privacy Policy
Podiatry Management Online
Contact Us
Podiatry Management Online
 


AllardGY324

Search

  
Search Results Details
Back To List Of Search Results

08/09/2013    Pamela Blustein

Security Risk Analysis Cost (Mark Aldrich, DPM)

In order to comply with Core Measure 15 of
Meaningful Use – Security Risk Analysis- there
are several steps that need to be taken. The
Department of Health and Human Services in its’
Guide to Privacy and Security of Health
Information-The Office of the National
Coordinator of Health Information Technology,
http://www.healthit.gov/sites/default/files/pdf/pr
ivacy/privacy-and-security-guide.pdf , (page 9),
delineates these 5 steps:

Reviewing existing security of PHI, Identifying
threats and vulnerabilities, Assessing Risks for
likelihood of impact, Mitigating security risks,
and Monitoring results. All are vital steps and
none can be skipped.

Furthermore, in this same Guide (page 12), the
Department of HHS lists 5 Security Components for
Risk Management: Physical safeguards,
Administrative Safeguards, Technical Safeguards,
Policies & Procedures, and Organizational
Requirements.

None of these components can be overlooked, as
all are important and required.

The government also suggests on their website
that for a Security Risk Analysis to stand up to
a compliance review, one should use a
knowledgeable “experienced outside professional.”
(same link, page 11)
Thus there are 3 conclusions that can be gleaned
from this:

1) All steps and components have to be performed.
It is not up to a practitioner’s discretion to
skip a step or deem what is required.

2) Even though some may feel that only a small
percentage of breaches are related to electronic
devices, the fact is that over 98% of the fines
levied by HHS are due to the compromise of
electronic devices.

3) Use a professional IT company that specializes
in HIPAA/ HITECH and cyber security.
Ignoring the possibility of an electronic breach
and not doing everything to protect yourself is
tantamount to ignoring the possibility of medical
malpractice and going bare.

Pamela Blustein, Director Business Development,
Cybrix Group, Pamela.Blustein@cybrixgroup.com

There are no more messages in this thread.
MTI?824


Our privacy policy has changed.
Click HERE to read it!