
March 16, 2012

When was the last time your medical practice had a HIPAA risk assessment?

As you are probably aware, the government has begun the first round of HIPAA compliance audits; these audits have included physician practices. So the million-dollar question is: Is your medical practice really in HIPAA compliance? I find most are not, even though they think they are.

A good first step to HIPAA compliance is to conduct an internal HIPAA risk assessment. At a minimum, a risk assessment must include these questions:

• What types of protected health information (PHI) do we possess, receive, store or transmit?

• How sensitive is this data in what it reveals about patient medical conditions, procedures, diagnoses and prescriptions? Data about sexually transmitted diseases, sexual health, pregnancies and mental health are considered especially sensitive.

• How valuable or desirable might this data be to criminals? Social Security numbers, mothers' maiden names, home addresses, payment details and long-term medical history are considered sensitive because they can be used by criminals to commit financial and healthcare fraud.

• What steps and procedures are in place in our medical practice right now to protect the PHI we possess, receive, store or transmit?

• Finally, what additional steps, procedures, or technologies are necessary to bring our data protections into line with generally accepted information-technology standards or with those of the National Institute of Standards & Technology (NIST)?
