By Todd Greenberg, Member, GSG Compliance LLC
EHR and IT networking companies both play a critical role in assisting medical practices and hospitals in achieving Meaningful Use. However, HIPAA Security of your patients’ health records is NOT their responsibility; it is the practice’s (the Covered Entity or CE). In creating Electronic Patient Health Information (ePHI), CEs must take precautions to secure and protect each and every health record. Whether or not CEs are attesting for Meaningful Use, they will need to confirm that they have completed the required privacy measures as outlined by Health & Human Services (HHS) and the Office for Civil Rights (OCR).
However, many HIPAA Audits and Breach Investigations are uncovering that most CEs have NOT completed the steps necessary not only to protect ePHI but also to shield themselves from potential financial or criminal penalties. Practices, at the very minimum, need to make sure they have conducted a Security Risk Assessment, completed a Corrective Action Plan, installed and documented HIPAA Informational Security Policies, obtained updated and current Business Associate Agreements, and provided HIPAA training to their staff. HIPAA compliance is a journey, not a destination. Finding the right third party to help you along the journey will be important.
For more information and a HIPAA Compliance road map, contact Todd Greenberg at GSG Compliance LLC: www.gsgcompliance.com, 877-270-8306