Despite how technology has positively changed the healthcare landscape, we live in an age of security breaches that compromise your credibility and reputation. Take the report on Feb. 17, 2016, about a random attack on Hollywood Presbyterian Medical Center that held all their hospital data hostage for a ransom of $2.6 million. Electronic Health Records (EHR) and Electronic Medical Records (EMR) have taken patient care to a whole new level, but have introduced new risks and compliance guidelines. Smaller and midsize institutions in particular need to make strategic choices when moving to electronic filing to secure information and achieve HIPAA compliance.
HIPAA is the Health Insurance Portability and Accountability Act passed by Congress in 1996. It sets the standard for protecting sensitive patient data through electronic billing and other processes. It requires that any company dealing with protected health information (PHI)—including healthcare providers, emergency medical clinics, dental offices, nursing homes, as well as business associates that include IT service providers, shredding companies, document storage companies, attorneys, accountants, collections agencies and more—meet HIPAA compliance rules and ensure that all required physical, network and process security measures are in place and followed. Covered entities are required to perform a risk assessment that evaluates the likelihood and impact of potential risks to PHI, implement appropriate security measures to address these risks, document these security measures and maintain continuous security protections.
Our HIPAA Security trained and certified team takes good care of you, empowering your caregivers and administrators to focus on patients while practicing within the HIPAA regulations. Compliance isn’t a one-time activity; it’s an ongoing process, requiring regular reviews to track access to PHI and detect security incidents, as well as periodic evaluations of security measures and potential risks. Framework is with you every step of the way. Choose a one-time assessment or make compliance part of an ongoing managed services program—whatever best fits your budget.
Every major data breach enforcement of HIPAA, some with penalties over $1 million, has cited the absence of a Risk Analysis, or an ineffective one, as the underlying cause. The Risk Analysis is the foundation for the entire HIPAA security program. Framework Communications runs a Risk Analysis for you, or updates it at least annually, more often if anything significant changes. It identifies the locations of electronic Protected Health Information (ePHI), vulnerabilities to the security of the data, and threats, and estimates both the likelihood and impact of a threat. The Risk Analysis helps identify the locations of protected data, how the data moves, what protections are in place and where there’s a need for more. The end result of our Risk Analysis is a list of items that must be resolved to ensure the security and confidentiality of ePHI.
Based on the findings in the Risk Analysis, Framework creates a Risk Management Plan to minimize, avoid or respond to risks. This plan goes beyond gathering information, to prioritize risks and appropriately allocate money and resources to ensure identified issues are solved. The plan defines the strategies and tactics needed to address your risks.
Your plan will include specifics on how to:
You can breathe easy knowing Framework performs HIPAA compliance assessments that can stand up to any government audit or review, takes timely action to address any gaps, provides and monitors policies and procedures, and keeps up with changes to make sure you’re prepared and protected.