Does your organization meet all the requirements of 45 CFR Parts 160-164 (HIPAA) and Section 13404 of the HITECH Act (42 USC 17934) for ensuring the security of protected health information (PHI) in any form?
Rehmann's Healthcare Management and IT Consulting advisors can assist you in that determination. We conduct our comprehensive HIPAA risk assessment by looking at the security and processes for all forms of PHI – verbal, paper, electronic (ePHI), email and fax.
Rehmann's operational review incorporates the following:
- Evaluating the security of PHI during patient flow, from scheduling and check-in to clinical areas and checkout. This analysis also includes contact with patients who are outside of the office.
- Review of Consent, Authorization and Release of Records documents to ensure compliance with the most current regulations.
- Review of Personnel Policies and forms for compliance with the most current requirements.
- Practice use of Business Associate and Trading Partner Agreements and whether those documents have incorporated the changes mandated in 2013.
- Operational Contingency Plans.
- Review of Policies and Procedures pertaining to HIPAA such as Patient Record Access, Need to Know and Breach Disclosure Notification Policies.
- Off-site use of office equipment and access to PHI by employees.
IT security assessment
Our IT security assessment covers the elements required for the security of ePHI as mandated by Meaningful Use stages I and II:
- Identifying assets
- Recognizing potential threats and vulnerabilities
- Documenting existing security measures
- Determining the likelihood of threat occurrence
- Identifying the potential impact of any threats