It’s no fun, but you have to do it: a HIPAA security risk assessment.
Thankfully, an upgraded tool from the U.S. Department of Health and Human Services (HHS) might make it easier.
The Security Risk Assessment Tool 3.0 is designed to help practices with one to 10 physicians identify their risks and vulnerabilities with electronic protected health information (ePHI) and then implement appropriate security measures.
In updating the tool, HHS incorporated feedback from practice managers and tested user experience. Enhancements include a progress tracker, detailed reports, a more logical workflow, and a business associate and equipment tracker, the HHS Office for Civil Rights says.
HIPAA requires practices to review and document their administrative, physical, and technical safeguards to regularly protect patients’ ePHI.
Also, if you participate in the Medicare Merit-Based Incentive Payment System (MIPS), conducting or updating a risk assessment is a core requirement in the Promoting Interoperability category.
For more about HIPAA security safeguards and requirements, visit the TMA website’s electronic health record and HIPAA pages.
Also, TMA’s practice management consultants can provide on-site staff training and compliance walk-throughs. Plus, TMA offers two on-point continuing medical education courses: HIPAA Security: Compliance and Case Studies and Complying With HIPAA Security. Those courses are free to TMA members, compliments of TMA Insurance Trust.
Last Updated On
October 30, 2018