HIPAA COMPLIANCE for HEALTH CARE PROVIDERS
We can help!
Working with Your EHR and Health IT Developers
When my health IT developer installs its software for my practice, does its implementation process address the security features listed below for my practice environment?
- ePHI encryption
- Auditing functions
- Backup and recovery routines
- Unique user IDs and strong passwords
- Role- or user-based access controls
- Auto time-out
- Emergency access
- Amendments and accounting of disclosures
Will the health IT developer train my staff on the above features so my team can update and configure these features as needed?
How much of my health IT developer’s training covers privacy and security awareness, requirements, and functions?
- How does my backup and recovery system work?
- Where is the documentation?
- Where are the backups stored?
- How often do I test this recovery system?
Cybersecurity
This is the second part of your data security.
Cybersecurity refers to ways to prevent, detect, and respond to attacks against or unauthorized access against a computer system and its information. Cybersecurity protects your information or any form of digital asset stored in your computer or in any digital memory device. It is important to have strong cybersecurity practices in place to protect patient information, organizational assets, your practice operations, and your personnel, and of course to comply with the HIPAA Security Rule. Cybersecurity is needed whether you have your EHR locally installed in your office or access it over the Internet from a cloud service provider. This means having a Managed Firewall in place.
Excerpt From:
The Office of the National Coordinator for Health Information Technology
Guide to Privacy and Security of Electronic Health Information
Version 2.0 April 2015
We can provide you with the documentation and reports you are required to have.
- HIPAA Policies & Procedures
- HIPAA Risk Analysis
- HIPAA Risk Profile
- HIPAA Management Plan
- Evidence of HIPAA Compliance
- Disk Encryption Report
- File Scan Report
- User Identification Report
- Computer Identification Report
- Network Share Identification Worksheet
We can then help remediate any changes that need to be made to secure your systems and data and to ensure ongoing HIPAA Compliance.