It’s no fun, but you have to do it: a HIPAA security risk assessment.
And if you participate in the Medicare Merit-Based Incentive Payment System (MIPS), conducting or updating a risk assessment is a requirement in the Promoting Interoperability category. In order to meet the 2019 performance year requirements, you must complete your security risk assessment by Dec. 31. This is not an optional measure.
Thankfully, an upgraded tool from the U.S. Department of Health and Human Services (HHS) might make the assessment easier.
The Security Risk Assessment Tool 3.1 is designed to help practices with one to 10 physicians identify their risks and vulnerabilities with electronic protected health information (ePHI) and then implement appropriate security measures.
In updating the tool, HHS incorporated feedback from practice managers and tested user experience. Enhancements include a progress tracker, detailed reports, a more logical workflow, and a business associate and equipment tracker, the HHS Office for Civil Rights says.
HIPAA requires practices to review and document their administrative, physical, and technical safeguards to regularly protect patients’ ePHI.
For more about HIPAA security safeguards and requirements, visit the TMA website’s electronic health record and HIPAA pages.
Also, TMA’s practice management consultants can provide on-site staff training and compliance walk-throughs. Plus, TMA offers two on-point continuing medical education courses: HIPAA Security: Compliance and Case Studies and Complying With HIPAA Security. Those courses are free to TMA members, compliments of TMA Insurance Trust.
Last Updated On
November 13, 2019
Originally Published On
October 30, 2018