ePHI HIPAA Requirements
We know you have Patient Health Information (PHI, or ePHI) and you are going to need to protect it. It’s as easy as that. You need to know how to protect it and what the requirements are. Tier3MD will perform a Security Risk Analysis that will meet the core requirement 15 for Meaningful Use under the HIPAA security Rule.
The HIPAA Security Rule
§ 164.308(a)(1)(ii)(A) Security Risk Analysis (required) “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the covered entity.”
In order to meet the requirements for Stage 1 meaningful use, it is required that you perform a HIPAA security risk assessment performed at your practice each time you attest to meaningful use. If you checked the box “yes” on your attestation, and have not had this completed, you will need to have the assessment done on your practice. This is a very comprehensive process that not only assists you in being compliant, but what should be considered to be “best practice” for any medical entity.
If you are wondering why you should do this, the quick answer is, it is the LAW. As with any law, fine and penalties will apply. Many websites, including HHS.gov, the AMA, etc. are filled with HIPAA laws and requirements. Sorting through, understanding, and implementing all of these laws and what is required of you can be quite challenging. Because of this, Tier3MD has created a comprehensive plan to make sure you are in compliance with every HIPAA security rule.
What if you have not performed the HIPAA security risk assessments?
If you do not do the HIPAA security risk assessment, and you still receive the incentive money, that doesn’t necessarily mean you “got away with it”. At any time, the ONC can perform audits, which can result in having to pay back any incentive money you received. Don’t risk it. Have the HIPAA security risk assessment done.
Tier3MD will perform a comprehensive HIPAA security risk assessment at your practice to help you protect your electronic health information. We have the proper tools to take a comprehensive look at the way you are securing your ePHI. If any issues are discovered, we can easily provide the remediation, making sure you are HIPAA compliant, and that your ePHI is safe and secure.