HIPAA Blog

[ Monday, November 22, 2010 ]

 

Data Security: One of the requirements for "meaningful use" of EHRs (which all providers are going to have to show at some point or they'll take lower Medicare/Medicaid reimbursement) is that the provider regularly assess its data security risks. This is also a requirement of the HIPAA Security Rule -- in fact, based on what I've discovered when helping clients meet the HITECH requirements, it's probably the most consistently missed HIPAA requirement.

If you haven't done a risk analysis, you're in violation of the HIPAA Security Rule, plain and simple. If you did one back in 2003 - 2005 before the Security Rule came into play, then you should be consistently redoing it. And if you're not, you might not meet the "meaningful use" rules, either.

Jeff [9:18 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template