|
|
|
Search
08/09/2013 Pamela Blustein
Security Risk Analysis Cost (Mark Aldrich, DPM)
In order to comply with Core Measure 15 of Meaningful Use – Security Risk Analysis- there are several steps that need to be taken. The Department of Health and Human Services in its’ Guide to Privacy and Security of Health Information-The Office of the National Coordinator of Health Information Technology, http://www.healthit.gov/sites/default/files/pdf/pr ivacy/privacy-and-security-guide.pdf , (page 9), delineates these 5 steps:
Reviewing existing security of PHI, Identifying threats and vulnerabilities, Assessing Risks for likelihood of impact, Mitigating security risks, and Monitoring results. All are vital steps and none can be skipped.
Furthermore, in this same Guide (page 12), the Department of HHS lists 5 Security Components for Risk Management: Physical safeguards, Administrative Safeguards, Technical Safeguards, Policies & Procedures, and Organizational Requirements.
None of these components can be overlooked, as all are important and required.
The government also suggests on their website that for a Security Risk Analysis to stand up to a compliance review, one should use a knowledgeable “experienced outside professional.” (same link, page 11) Thus there are 3 conclusions that can be gleaned from this:
1) All steps and components have to be performed. It is not up to a practitioner’s discretion to skip a step or deem what is required.
2) Even though some may feel that only a small percentage of breaches are related to electronic devices, the fact is that over 98% of the fines levied by HHS are due to the compromise of electronic devices.
3) Use a professional IT company that specializes in HIPAA/ HITECH and cyber security. Ignoring the possibility of an electronic breach and not doing everything to protect yourself is tantamount to ignoring the possibility of medical malpractice and going bare.
Pamela Blustein, Director Business Development, Cybrix Group, Pamela.Blustein@cybrixgroup.com
There are no more messages in this thread.
|
|
|
|