HIPAA
Healthcare providers, health plan providers and healthcare clearinghouses must be compliant with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Whether you use a computerized physician order entry system (CPOE), electronic health records (EHR) or any of a multitude of other electronic data transmissions, you must follow the security standards to protect the electronic transmission of patient information. This protection must incorporate administrative, physical and technical safeguards to ensure the confidentiality, integrity and availability of electronic protected health information.
A formal risk assessment is a requirement of the HIPAA Security Rule. As such, LBMC uses a standard, industry-recognized approach to conducting information security risk assessments based on the National Institute of Standards (NIST) Special Publication (SP) 800-66, which is also recognized as a valid method by the Centers for Medicare and Medicaid Services (CMS). The elements of this methodology include:

The end result of this project will not only serve to identify potential areas for remediation, but also serve as a document that can be used to support compliance with the Risk Management Standard of the HIPAA Security Rule.

