What are the Security Rule Standards and why is this important to my business?
It is an understatement to say that healthcare has experienced a massive amount of change over the past several years. One thing is certain: a covered healthcare entity's exposure to risk is rising as these changes occur. That is why recent legislation has been reinforcing and expanding the requirements previously adopted in the HIPAA Security Rule.
Each HIPAA Security Rule standard is required. A covered entity is required to comply with all standards of the Security Rule with respect to all EPHI. Many of the standards contain implementation specifications. An implementation specification is a more detailed description of the method or approach covered entities can use to meet a particular standard. Implementation specifications are either required or addressable. However, regardless of whether a standard includes implementation specifications, covered entities must comply with each standard. Documentation is vital!
Some frequently asked questions:
Doesn’t my EMR/EHR, Practice Management vendor handle all of this for me?
Your certified software vendors are a part of the process, but they are not able to address your business policies and written procedures for how you as a practice handle the information created in the systems. While they are focused on providing the secure frameworks inside their software systems to protect the information, your administrative and physical requirements need to be documented for your practice.
Doesn’t my HIPAA Consent form cover me?
This covers the communication of information and is vital to your business. However, you must have documented internal policies and procedures that are routinely communicated to your staff to ensure that the consent information agreed upon by patient and provider is executed.
Doesn’t my outsourced IT support vendor have this all covered for me?
Your vendors are a part of the process, but they are not able to address your business policies and written procedures for how you as a practice handle the information created in the systems. It is vital that you clearly define the roles and responsibilities being delivered by your vendors in your business associate agreements.
It has never been an issue before, so why should I be concerned?
Your brand's reputation has been built through years of hard work. All of that can be lost with one incident. How would a breach incident affect your relationship with colleagues and referrals? Everything is affected, and a breach is almost never forgiven.