Chat with us, powered by LiveChat

Demystifying HIPAA Security Risk Analysis

Steven Marco

As a business owner, my professional conversations with physicians run the gamut, from how my business services can solve their problems, to exchanging ideas and best practices, and offering support in starting and growing a business. I get the feeling that physicians running a medical practice often feel like they have a target on their back because staffing, management, regulations, documentation, and reimbursement have become such big parts of medicine.

Building a business requires tremendous time, money and effort in order to become profitable.  The compliance landscape shifts and evolves.  Today, a HIPAA Security Risk Analysis has become paramount for almost any medical practice to collect state and federal reimbursements.  An often overlooked benefit, however, is the Security Risk Analysis, which can improve the efficiency and professionalism of these same practices.

But how does complying with HIPAA help?

First, HIPAA Security is greatly misunderstood.  HIPAA was originally conceived because patients were not able to access their own health information.  Today, HIPAA enforcement is the main driver to ensure we don’t mishandle or otherwise treat patient’s protected health information (PHI) with neglect—willful, or not.

Many practices believe that if they complete a quick checklist or perform a risk assessment with an auditor on the phone and get a final report, they are done and have “checked the box.”    Like doing a fast tax-return, this quick approach diminishes the value of HIPAA. If embraced, HIPAA’s Security Risk Analysis checklist of best practices provides ongoing benefits, such as:

Staff morale:Improve morale

  • Policies and Procedures establish a code of conduct on how staff should represent the clinic in day-to-day interactions with patients.
  • Guidance on handling patients, staff, processes and technology provides operational clarity
  • Assurance that the IT department makes Electronic Medical Records available (e.g. performance, backups and recovery), complete, accurate and confidential.
  • A clear baseline on how to handle all aspects of patient releases, authorizations, business associates and internal operations.

Technology:Improve technology

  • One aggregated place for information about patient visits can contribute to population health research and disease management.
  • Encryption of laptops, desktops, smartphones and all portable media can reduce the risk of having to report a breach by up to 68% (according to OCR breach data for theft, loss and improper disposal).
  • Meaningful Use provides incentives and ongoing reimbursements (soon to become MACRA).

Clinic appearance:Improved appearance

  • Staff attire, name badges and a proper patient waiting area separate from the clinic complies with HIPAA and improves the professional look and feel of the clinic.
  • Training and employee awareness reinforces policies and procedures which drives improved moral and reduces risk to the clinic.

The Bottom Line:

Conducting a HIPAA Security Risk Analysis covers Administrative, Technical and Physical (PAT) safeguards and provides a snapshot into where the clinic is performing well and where improvements are needed.  If a HIPAA Security Risk Analysis is the snapshot, then the “moving picture” is the ongoing process of improving gaps in compliance, not only to reduce the chances of a security breach but also to improve the efficiency of the health care organization.   For a quick 5-minute assessment, take our high-level HIPAA Security Assessment quiz and see how your practices measures-up to the the top 13 HIPAA items typically missed.  Contact us today to learn how to get more of a return on investment in HIPAA than simply, “checking the box”.

Speak Your Mind

*