DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Pediatrics
SEARCH
Ubicación actual:
>
> This Story


Conexión o Registro to rate this News Story
Forward Printable StoryPrint Comment
advertisement

 

advertisement

 

Health IT Homepage

New survey warns healthcare vulnerable due to legacy operating systems As Microsoft phases out old products, the install base remains

Verasonics settles legal dispute over software with SuperSonic Imagine Alleged patent infringement and misappropriate of trade secrets

Five tips for launching a successful virtual care program Telemedicine is revolutionizing the healthcare landscape

Surgical Theater showcases first 360-degree AR patient engagement solution Enables users to walk 'inside' specific anatomy of patient

Smart communication with real-time situational awareness can help hospitals counter safety risks

Lack of AI security puts IoT medical devices in danger of cyberattacks New report highlights evolving risks in healthcare

New DICOM design flaw spells potential risks for image storing and sharing Enables hiding, protection and spread of malware

HDOs: Address IoT security governance today for a more secure tomorrow Implementing a solid program is the best defense against attack

VisualDx to develop decision support platform for ultrasound in space Provide basic guidance on ultrasound interpretation

HHS releases second draft of TEFCA for nationwide interoperability Requirements for sharing electronic health information

Three recommendations to better understand HIPAA compliance


The risk analysis is a required control, as defined in audit protocol. Without conducting a thorough and comprehensive risk analysis, a healthcare organization cannot identify applicable threats and vulnerabilities that allow for them to take corrective action. Completing a thorough risk analysis provides insight into the organization's security position, and allows for change before an audit takes place. Risk analysis should also be updated at least annually to ensure they reflect current operational practices.

To begin, an organization should document any ePHI (Electronic Personal Health Information) transmitting or processing services. This includes any business associates or employees that receive and use the ePHI. It’s important to evaluate all aspects of the organization’s operation to verify all uses and disclosures of ePHI are identified. Don’t assume that your IT shop is aware of all of your uses and disclosures, inquire of all of the operational areas of your organization.
Story Continues Below Advertisement

THE (LEADER) IN MEDICAL IMAGING TECHNOLOGY SINCE 1982. SALES-SERVICE-REPAIR

Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.




The Risk Assessment should evaluate the security, use and disclosure of PHI against HIPAA’s privacy, security and breach notification implementation specifications.

3. Develop an action plan and a response toolkit
For many healthcare organizations, the question is not if they will receive a HIPAA audit or an OCR investigation, but when. The OCR, which is responsible for completing HIPAA audits, will contact the organization. The OCR will further ask for a variety of documents and data. Once these documents and data are reviewed, the OCR will send the organization a preliminary copy of its findings. This preliminary report gives healthcare organizations the opportunity to respond to the OCR, and have its responses included in the final report.

From the final report, the OCR will determine if an organization was in compliance of HIPPA and, if not, where an organization was lacking. If an organization was not in total compliance, the OCR will provide corrective action and technical assistance the organization can use to work toward compliance.

Developing an action plan and evaluating the organization’s information security against the OCR audit protocol to develop an audit response toolkit will leave organizations with practical actions that serve their best interest, eliminate mistakes, and mitigate risk.

Carol Amick
About the Author: Carol Amick is an experienced healthcare compliance professional with over 20 years of experience in healthcare. After starting her career at HCA she moved on to become a compliance consultant for a “Big 4” accounting firm and has since served as the internal audit director, compliance director and privacy officer for several healthcare providers. Carol has worked with post-acute care, outpatient, and acute care providers to develop and implement effective compliance programs. During her time as compliance and privacy director, Carol has led numerous investigations into PHI breaches and responded to outside investigations by the OCR, OIG and other regulatory agencies.

Carol has extensive experience in helping organizations ensure compliance with the complex healthcare regulations, and with responding to regulatory audits and investigations. She currently serves as the manager of Health Care Services at CompliancePoint.

Back to HCB News
<< Pages: 1 - 2

Health IT Homepage


You Must Be Logged In To Post A Comment

Anuncie
Aumente su conciencia de marca
Subastas + ventas Privadas
Consigue el mejor precio
Comprar Equipo/Piezas
Encuentra El Precio Más Bajo
Noticias diarias
Lee las últimas noticias
Directorio
Examina todos los usuarios DOTmed
Ética en DOTmed
Ver nuestro programa de ética
El oro parte programa del vendedor
Recibir las solicitudes de PH
Programa de distribuidor con servicio gold
Recibe solicitudes
Proveedores de atención de salud
Ver todos los HCP (abreviatura de asistencia médica) Herramientas
Trabajos/Entrenamiento
Encontrar/rellenar un trabajo
Parts Hunter +EasyPay
Obtener presupuestos para piezas
Certificado recientemente
Ver usuarios certificados recientemente
Recientemente clasificado
Ver usuarios certificados recientemente
Central de alquiler
Alquila equipos por menos
Vende equipos/piezas
Obtén más dinero
Mantenga el foro de los técnicos
Buscar ayuda y asesoramiento
Petición sencilla de propuestas
Obtén presupuestos para equipos
Feria comercial virtual
Encuentra servicio para el equipo
El acceso y el uso de este sitio está conforme a los términos y a las condiciones de nuestro AVISO LEGAL & AVISO DE LA AISLAMIENTO
Característica de y propietario DOTmeda .com, inc. Copyright ©2001-2019 DOTmed.com, Inc.
TODOS LOS DERECHOS RESERVADOS