ARRA HITECH invokes the HIPAA Administrative Simplification Regulation 45 CFR Part 164.308(a)(1) as a requirement for protecting patient information. Under this act, each covered entity must implement a security management process that includes policies and procedures to prevent, detect, contain, and correct security violations. Specifically, the regulation stipulates that there must be a risk analysis, a risk management program, a sanction policy, and an information system activity review. So how do you know that you are on the right track with your organization’s security management process? There is some high level guidance in the regulation itself, but it generally does not provide the level of implementation assistance that would provide practical advice. So for each of the areas of 164.308(a)(1), we have identified examples of what a risk assessor would be looking for to validate the appropriate level of compliance.
Your Subtitle text
Everything HITECH Blog
Show me the Hidden Requirements in Meaningful Use!
Read the list of ARRA HITECH Requirements. You can find them most anywhere these days. And on the surface, they don’t look all that hard. In many cases, what you see is what you get … they are fairly straight forward. And we have good vendor software, certified to do all we ask of it.
But as we’ve worked with MUM Subscribers, we’ve uncovered some cases where extra work pops up … beyond what might be obvious. The last thing any of us want, is to get well into our reporting period, and find that we are not compliant because of some tiny oversight. So we thought that in this article, we would share a couple we’ve seen, and maybe some other folks will chime in with observations of their own.
We hope you enjoyed these sample articles from our Blog Site at EverythingHITECH.com. Click here to see the full site, and join in on the conversation! We dig a little deeper and provide insights into some of the practical aspects.
