© 2021 MJH Life Sciences and Medical Economics. All rights reserved.

Physicians: Don't skip your security risk assessment

May 25, 2016

Until they’ve opened a letter from the Office for Civil Rights (OCR) notifying them that their practice is being audited for HIPAA compliance, many physicians don’t realize the gravity of the situation their practices may be facing.

In those cases, physicians must confront the possibility that their practice has done only a bare-bones risk assessment. The electronic protected health information (ePHI) that sits on a practice’s network may be vulnerable to a security breach because the leaks haven’t been plugged. And a steep OCR fine for noncompliance may be waiting around the corner.

A thorough risk assessment will help a practice identify the additional security measures and procedures needed to reduce the risk of patient data breaches and to satisfy auditors. Here are steps practices can take to protect patient information and pass an audit.

Don’t put off your internal audit

Inventory where patient information is stored, accessed, or transmitted. 

Most physicians think their EHR is their only repository of patient records, but patient information can also sit in a Word document or in a spreadsheet used as a billing report. Patient information could also be in emails or text messages.

Evaluate common threats to patient information

The likelihood of a threat and the impact of the threat if it occurs should also be analyzed. How are practices protecting information in the case of fire or flood, or lost or stolen laptops containing patient information, or sending emails to the wrong patient? 

Again, have a policy in place and make sure patient information is secure and protected if it’s stored on a laptop and the physician takes it home. 

Acquire additional security

A security risk assessment will identify additional security measures to reduce the likelihood of a threat and its impact.

Identify access

Track access to ePHI and patient data to detect unauthorized access.

Encrypt your data 

Encryption doesn’t just protect against attacks; it can also help alleviate potential penalties, as auditors will take into account whether a practice did all it could to protect the data.
