[ Wednesday, May 01, 2013 ]
Meaningful Use and HIPAA:
Jeff [2:15 PM]
If you are a healthcare provider who is receiving federal incentive payments under the HITECH Act for "meaningful use" (i.e., you are a meaningful user of an Electronic Medical Record, have attested to it, and receive incentive payments from CMS), you stand a 5% chance
of being audited, either before or after payment is made. One of the certifications you must attest to is that you have conducted a HIPAA Security Rule risk assessment. Apparently, lots of EMR meaningful users have attested to this, even though they haven't done it.
IDExperts asks the question
, "Do you really need security to attest to meaningful use?" The answer is an absolute and unequivocal yes.
Frankly, if you are a covered entity and haven't done a HIPAA risk analysis, you are currently in breach of HIPAA. And have been since April 2005.
That's eight years this month. If you get audited for HIPAA, or audited for MU, or suffer a breach, how are you going to explain that?
Blogger: HIPAA Blog - Edit your Template