While the HIPAA Security Rule has been commonplace for health care providers, the Security Risk Analysis portion of the rule is the crucial, and often neglected, first step in meeting compliance. Not only is a Security Risk Analysis required to comply with general HIPAA regulations, it is also required to meet compliance with the EHR Incentive Program. The Security Risk Analysis should be updated or completed annually, at minimum.
It can be overwhelming for a practice to perform a full risk analysis. This is due in part to the highly technical and regulatory terminology used to describe best practices. Additionally, a thorough risk analysis could necessitate the allocation of additional staff to perform the task.
The Bienville Group has dedicated consultants who have done the research and are prepared to walk your practice through the risk analysis process, lessening the demands on your practice. The Bienville Group uses a four step approach aimed to provide the most thorough feedback for your practice:
- Inventory of Assets- Where is your PHI stored? TBG can help your practice identify where PHI is received, stored, or transmitted. Many devices and applications are often overlooked.
- Inventory of Business Associates- If you have entrusted your patient’s PHI to a Business Associate, it is important for your practice to track who has access.
- Administrative Questionnaire- The Bienville Group will take an objective look at the policies, procedures, and common practices within your group.
- Likelihood and Impact Analysis- TBG will evaluate the data from the inventories, questionnaire, policy and procedure to provide an output based on likelihood and impact. This document can be used to direct risk management processes.
Don’t risk your hard earned EHR Incentive payments to a failed audit. Let The Bienville Group assist your practice in meeting the Meaningful Use core measure and take a proactive approach to HIPAA Security Rule compliance.