The HIPAA Security Rule was established to help business entities who handle electronic personal health information (ePHI) determine if they have proper safeguards in place to prevent a breach in patients’ healthcare information. Under the Security Rule, all covered entities are required to implement three types of safeguards: administrative, physical and technical.
How to create a security plan for your office
The first step towards improving is knowing where you stand. That’s why we recommend you start by conducting a security risk analysis. A security risk analysis will help you understand what aspects of your current ePHI procedures are compliant with the HIPAA Security Rule, and what processes need to be improved. A security risk analysis will assess each type of safeguard that you need.
Administrative Safeguards
Administrative safeguards include all of the processes and procedures that limit the possibility of a security breach. For example, these procedures should identify what type of information each office team member has access to. They should also document the roles and responsibilities for maintaining the physical and technical safeguards.
Physical Safeguards
Physical safeguards are the ways in which you actively protect against the possibility of stolen ePHI. Physical safeguards include locks, video surveillance, and even the positioning of computer screens and printers away from patient areas.
Technical Safeguards
Technical safeguards are the hardware and software that your business uses to limit accessibility and prevent theft of, or unauthorized access to, ePHI. Data encryption is one way that software is used to protect sensitive information from the threat of hackers.
Where to start
Several years ago we implemented a healthcare compliance program to meet our clients’ needs. We provide support, employee training, template policies, procedures and best practices in the areas of HIPAA, OSHA, Fraud and Abuse, and Human Resource Management. In addition, our compliance program includes a tool to perform a security risk analysis. A security risk analysis is the first step towards HIPAA Security Rule compliance. It also puts you on a path towards improving the security of your office so that you can remain focused on providing the best care for your patients.