Healthcare organizations that demonstrate Meaningful Use have the opportunity to receive incentive payments through the Medicare and Medicaid EHR Incentive Programs.
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
The Administrative Safeguards provisions in the Security Rule require covered entities to perform a “risk analysis” as part of their security management processes.
From CMS Final Rule Meaningful Use Stage 1 Objectives and Measures:
Conduct or review a security risk analysis per 45 CRF 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process
A risk analysis process includes, but is not limited to, the following activities:
- Evaluate the likelihood and impact of potential risks to e-PHI;
- Implement appropriate security measures to address the risks identified in the risk analysis;
- Document the chosen security measures and, where required, the rationale for adopting those measures; and
- Maintain continuous, reasonable, and appropriate security protections.
FRSecure staff members are experts in dealing with all HIPAA requirements as they pertain to information security, including the “Security Standards for the Protection of Electronic Protected Health Information,” found at 45 CFR Part 160 and Part 164, Subparts A and C (commonly known as the Security Rule), including Meaningful Use.
FRSecure’s Services for HIPAA Compliance include:
- Information Security Assessment and Risk Analysis
- Information Security and Risk Consulting, including:
- Corporate Information Security Program Development, Policies, Standards, and Security Baseline Development,
- Enterprise Security Architecture and Standards Development,
- Security Awareness Program Development
- Incident Response Program Development