Meaningful use – Aegify https://www.aegify.com Comprehensive Security, Risk and Compliance Assurance Solution Tue, 05 May 2015 08:17:05 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 Meaningful Use Incentive Payments – OIG Audits Begin https://www.aegify.com/meaningful-use-incentive-payments-oig-audits-begin/ https://www.aegify.com/meaningful-use-incentive-payments-oig-audits-begin/#comments Tue, 05 May 2015 08:17:05 +0000 https://www.aegify.com/blog/?p=1081 The OIG (Office of Inspector General, US HHS Department) 2015 audits will focus on: Extent to which hospitals comply with the contingency planning requirements of HIPAA in terms of establishing policies and procedures for responding to any emergency or events that could compromise protected health information. How truly were the providers entitled to meaningful use…

The post Meaningful Use Incentive Payments – OIG Audits Begin appeared first on Aegify.

]]>
The OIG (Office of Inspector General, US HHS Department) 2015 audits will focus on:

  • Extent to which hospitals comply with the contingency planning requirements of HIPAA in terms of establishing policies and procedures for responding to any emergency or events that could compromise protected health information.
  • How truly were the providers entitled to meaningful use incentives and how effective is the oversight of CMS (Centers for Medicare & Medical Services) on security controls over networked medical devices integrated with EHR Systems
  • Adequacy of covered entities and business associates in securing electronic patient protected health information created or maintained by certified EHR technology and whether hospitals have conducted the required security risk analysis.

When you get an audit notice do you feel stressed? CMS audit rate is about 5% of facilities that have attested and according to Figliozzi and Co,  there’s a 4.7% failure for first time audits .

The reasons for failure could be due to some common myths surrounding the security risk analysis:

  1. One security risk analysis is good forever – No. HIPAA Compliance mandates that you review the security risk analysis periodically.
  2. My EHR vendor takes care of this – No. The EHR vendor is only responsible to provide you a certified system. Privacy and Security of your ePHI and having a complete security risk analysis conducted is solely your responsibility.
  3. The security risk analysis is optional for a small practice like mine – No.  Covered Entities, whatever the size, are required to conduct /review a complete security risk analysis under HIPAA guidelines.

Audit letters are being sent out by OIG for documentary evidence of compliance with the particular meaningful use measures such as calculation reports printed from the EHR system, and security risk analysis reports. A study by OIG found that the estimated incentive payment of $6.6 billion between 2011 and 2016 to professionals and hospitals is vulnerable that incentive payments could be made to those that do not fully meet the meaningful use requirements. OIG recommended in their November 2012 report that CMS should obtain and review documentation from selected professionals and hospitals and provide guidance on documentation procedures to establish and maintain compliance.

In submitting response to the question on meaningful use measures you would be confirming that  you have conducted or reviewed a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implemented security updates as necessary and corrected identified security deficiencies as part of the risk management process.  The security risk analysis must be done at least once before the end of the reporting period being attested. Thereafter, you must review the security risk analysis before each reporting period that follows. All security deficiencies and/or breaches identified during a risk analysis must be comprehensively addressed.Covered Entities, irrespective of their size, must treat the requirement to conduct a security risk analysis as a license to practice.

Businesses across the healthcare industry and its verticals therefore need to scan their PHI assets and conduct security analysis besides ensuring meaningful use of the EHR. Aegify has been developed as a comprehensive security, risk and compliance management solution that not only addresses all of HIPAA compliance needs but also provides the covered entities with meaningful use attestation reports with proof of security and risk analysis. Further, Aegify automates HIPAA management through continuous workflow assessment cycle, and provides instant remediation measures to correct the security deficiencies, a trusted Solution by 70+ MSPs with thousands of customers. Aegify protects your assets, detects vulnerabilities proactively, and responds with appropriate remedial measures. Aegify is the only solution that unifies a comprehensive Security, Risk, and Compliance Assurance system.

A cloud-based Aegify walks you through simple steps in your risk analysis and management and helps you face the OIG audit on risk analysis through effective automated processes and documentation reports. Aegify Risk Framework is comprehensive:

Aegify – Continuous Monitoring Cycle

Slide 11 - Image

 

Aegify – Risk Management Model

Slide 17 - Image

The Aegify Risk Management Service meets the risk assessment methodology best practice as shown below:

Best practice Aegify Risk Management Service
System Characterization Manage Assets
Threat Identification
Vulnerability identification
Risk determination
Assessing risk levels
Configure risk settings
Control analysis
Control recommendations
Assess Compliance
Likelihood determination
Impact analysis
What-if analysis
Results Documentation Risk reports

Aegify’s automated risk management module helps you keep track of documents required as part of required evidences. Extensive report generation facilities provide online resource with the following simple steps.

Aegify1
1. Configure Risk Profile
  • Select Standards / Regulations against which the customer need to assess the organizational Risk.
  • Applicable controls to assets are identified based on the selected Risk Profiles here.
ma
2. Manage Assets
  • Add assets, manually or through automated scan-based asset discovery, or from an uploaded asset-list file.
  • Define Asset attributes for each asset.
  • Asses the security risk for each asset.
dash
3. View Dashboards/ Reports
  • View perspective-based security risk posture.
  • Generate risk reports for analysis.
risk
4. Assess Risk Controls
  • Publsih Risk Assessments or review risks from published and responded assessment.
  • Generate risk assessment report.
Do
5. Do What-if analysis
  • Simulate various risk scenarios by changing risk parameters.
  • View security posture at different levels of risk settings.
  • Prioritize remedial actions  based on what-if analysis.

6. Configure risk settings
  • Review and modify asset types.
  • Review risk scenario of each asset type and customize risk settings for different assets.
  • Work with various mitigation strategies in respect of non-compliant controls for meeting the regulatory control requirements.
  • Customize the list of ever-changing threat sources and vulnerabilities.

The default settings would normally be adequate in identifying and managing assets, assessing the risk levels of all or selected assets, assessing compliance to regulatory risk controls, and for doing detailed what-if analysis by changing various parameters in the risk assessment process. However, where risk configuration needs more customization to meet the specific characteristics of an organization the risk configuration settings provide the advanced customization options.

Offered as a cloud-based model, Aegify includes all security and IT GRC functions. Equipped with a built-in compliance framework that supports HIPAA, RBI, NSE, BSE, MCDEX, PCI, ISO, COBIT, FISMA and other country based ones, Aegify also has advanced alert and monitoring systems that makes it a complete end-to-end automation solution for all security, audit, compliance and risk management needs of an enterprise.

The post Meaningful Use Incentive Payments – OIG Audits Begin appeared first on Aegify.

]]>
https://www.aegify.com/meaningful-use-incentive-payments-oig-audits-begin/feed/ 1
Adopting a Guilt-Free Method to Demonstrate Meaningful Use of EHR https://www.aegify.com/adopting-guilt-free-meaningful-use-of-ehr/ https://www.aegify.com/adopting-guilt-free-meaningful-use-of-ehr/#respond Tue, 06 Jan 2015 07:04:33 +0000 http://www.egestalt.com/blog/?p=887 With digital technology entering the healthcare industry in many ways, there has been a need to ensure meaningful use of electronic health records and ensure privacy of such medical records. To promote this, the Medicare and Medicaid EHR Incentive Program offers financial incentives to the healthcare enterprises. However, to receive this incentive the CMS has…

The post Adopting a Guilt-Free Method to Demonstrate Meaningful Use of EHR appeared first on Aegify.

]]>
With digital technology entering the healthcare industry in many ways, there has been a need to ensure meaningful use of electronic health records and ensure privacy of such medical records. To promote this, the Medicare and Medicaid EHR Incentive Program offers financial incentives to the healthcare enterprises. However, to receive this incentive the CMS has established thresholds for professionals, hospitals and critical care centres when recording patient information as structured data and exchanging summary care records. Maintaining these thresholds will help them showcase how their certified EHR technologies are being put to “meaningful use”.

Even with meaningful use regulations being in use, there have been cases of fraud by the healthcare providers such as the one wherein the CFO of a leading hospital pleaded guilty to lying about meaningful use for Medicare payments. The former chief financial officer of Shelby Regional Medical Centre, Texas, now-closed, pleaded guilty to wrongly claiming EHR incentive money. Joe White, the CFO while overseeing the hospital’s EHR implementation, falsely attested to the Centre for Medicare & Medicaid Services that the medical centre met meaningful use requirements for the 2012 fiscal year. This helped them to receive $785,655 in payments while the hospital actually relied on paper records throughout the fiscal year of 2012 and only minimally used an EHR. This fraud involved software vendors and hospital employees who manually transferred data of patients who were already discharged into electronic health record at the end of the fiscal year.

Six Texas hospitals operated by the same individual were paid $16.8 million in meaningful use incentives for fiscal years 2011 and 2012 in this case. However, with federal govt rolling out dollars to providers to adopt electronic health record systems, there is a possibility of more cases such as this. Further, under the HITECH Act, to obtain financial incentives from Medicare or Medicaid, healthcare establishments and providers must submit detailed documents that attest to meeting the requirements for the program, including conducting a HIPAA security risk assessment.

While such frauds on the part of the Healthcare provider and hospitals work as a wakeup call, the federal authorities need to take action to crack down such abuse of HITECH Act. The Office of Inspector General demands eligible hospitals and critical access hospitals to demonstrate they’re using certified EHR technology in ways that can be measured significantly in quantity and in quality. The use of Aegify solutions will help these healthcare providers and hospitals to demonstrate meaningful use through simplified methods.

Aegify is a powerful, simple-to-use, cloud-based solution, that provides necessary expertise to assess, analyze and mitigate regulation risk and move towards on-going HIPAA/HITECH compliance. This tool help the healthcare providers demonstrate meaningful use of their EHR and help them secure federal grants.

The post Adopting a Guilt-Free Method to Demonstrate Meaningful Use of EHR appeared first on Aegify.

]]>
https://www.aegify.com/adopting-guilt-free-meaningful-use-of-ehr/feed/ 0
How can EP’s avoid being penalized for Meaningful Use failures in 2015 https://www.aegify.com/avoid-meaningful-use-penalties-in-2015/ https://www.aegify.com/avoid-meaningful-use-penalties-in-2015/#respond Thu, 01 Jan 2015 13:07:43 +0000 http://www.egestalt.com/blog/?p=891 The need for effective patient care has driven governments to move the healthcare industry into the digital world. To promote this among the eligible providers and stop the innumerable cases of data loss due to transfer of information on paper charts the government is giving incentives to those who adopt Electronic Health Records (EHR). However,…

The post How can EP’s avoid being penalized for Meaningful Use failures in 2015 appeared first on Aegify.

]]>
The need for effective patient care has driven governments to move the healthcare industry into the digital world. To promote this among the eligible providers and stop the innumerable cases of data loss due to transfer of information on paper charts the government is giving incentives to those who adopt Electronic Health Records (EHR). However, with 2014 being considered as the last year to apply for government incentives, come 2015, the eligible providers may face penalties that will accumulate over time. The Eligible Providers (EPs) therefore need to take up proactive steps towards meaningfully using their EHR technology.

Meaningful Use of EHR” is a Medicare and Medicaid program that awards incentives for using certified electronic health records (EHRs). This program enables healthcare providers to provide patients with improved patient care. However, to achieve the stamp of “Meaningful Use” and avoid any penalties these providers must follow the roadmap to effective usage of EHR not later than 2014. While this program encourages switch over to electronic records, it is not just the improved patient care but also includes improved efficiency and performance levels along with government incentives for the healthcare providers. The eligible healthcare providers who have not yet ventured into the meaningful use of EHR will be penalized in 2015 with a 1% equivalent to their Medicare Part B Reimbursement.

Staying away from penalties therefore calls for smart decision making. Moreover, to check on the EP’s attestation of meaningful use program and collection of incentives, government will be conducting random audits. The healthcare providers need to have in place all their documentation irrespective of whether it is in-house or outsourced. 2014 being the last year to begin MU and EHR incentive program, the EP’s not only lose out on $23,520 but will also be penalized in 2015.

Moreover, there are reports of CMS targeting 257,000 doctors with meaningful use penalties beginning January 5th, 2015. The EP’s need to therefore demonstrate that they have adhered to MU regulation since Oct 1, 2014 in order to avoid any penalty.

However, EP’s can still cut their losses by:

  • Building a dedicated MU team who can initiate and adhere to the regulations.
  • Demonstrating meaningful Use program prior to 2015.
  • Availing hardship exceptions for EP’s.
  • Making use of an integrated EHR or outsourcing services of specialist.

The Aegify solution through its simplified process will help EP’s achieve Meaningful Use status. Being a powerful, simple-to-use, cloud-based solution, Aegify provides all the necessary expertise to assess, analyze and mitigate regulatory risk while adhering to the on-going HIPAA/HITECH compliance. While this solution provides eligible professionals every means to secure the federal grant through tools that demonstrate meaningful use, it also helps them meet the industry-wide perspective of HIPAA compliance. Aegify SecureGRC, with its built-in assessment of meaningful use, produces reports that can be used for filing the online application for grant. This addresses the requirements relating to meaningful use core measures, menu measures, clinical quality measures, and in particular addresses requirement for eligible hospitals as well as for EP’s with respect to risk analysis.

The post How can EP’s avoid being penalized for Meaningful Use failures in 2015 appeared first on Aegify.

]]>
https://www.aegify.com/avoid-meaningful-use-penalties-in-2015/feed/ 0
Healthcare Industry gears up to meet the EHR Audits in the New Year https://www.aegify.com/healthcare-industry-gears-for-ehr-audits/ https://www.aegify.com/healthcare-industry-gears-for-ehr-audits/#respond Thu, 27 Nov 2014 12:03:28 +0000 http://www.egestalt.com/blog/?p=837 The HER audits are around the corner. The Centres for Medicare & Medicaid Services, to encourage healthcare providers to adopt electronic health record systems and ensure secure data sharing practices, brought forth the EHR incentive program. Even as the meaningful use incentive program was intended to encourage healthcare industry adopt digitalization of data, these providers…

The post Healthcare Industry gears up to meet the EHR Audits in the New Year appeared first on Aegify.

]]>
The HER audits are around the corner. The Centres for Medicare & Medicaid Services, to encourage healthcare providers to adopt electronic health record systems and ensure secure data sharing practices, brought forth the EHR incentive program. Even as the meaningful use incentive program was intended to encourage healthcare industry adopt digitalization of data, these providers who received EHR incentive payment under Medicare or Medicaid EHR Incentive Program were liable to audit. The Office of the Inspector General recently released their 2015 work plan which specifies that they will continue to pay closer attention to the healthcare industry’s use of electronic health records – in particular HIPAA security, EHR incentive payments and fraud. Preparing for audit of the digitized healthcare industry in the coming year, the Office of Inspector General has also requested $400 million FY 2015 budget, an increase of $105 million, and 284 additional full-time employees to help expand OIG audits and reviews, examining IT security, compliance and even electronic health records.

With the federal money flowing in the form of EHR incentive program, hospitals, providers, vendors and consultants are working their way to a meaningful use of EHR. Nevertheless, if a hospital or medical practitioner accepts the federal money to put EHR to meaningful use, they must also prove it by using appropriate electronic tools as per the norms put across by the Center of Medicare and Medicaid Services. Further, incidents such as those that occurred at Shelby Regional Medical Center in Texas, and Detroit Medical Center that led to heavy data leakage and financial loss, demands that the healthcare providers, their business associates and vendors consider meaningful use of electronic patient health records as a compliance requirement. In the wake of such requirement, the eligible professionals, hospitals, and critical access healthcare centres were asked to maintain relevant documentation to support this activity.

Besides, as Daniel R. Levinson, U.S. inspector general points out, among the important changes that are taking place across the healthcare industry there is an emphasis on coordinated care and increased use of electronic health records. The OIG will therefore need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and also customizable to protect programs and patients from existing and new vulnerabilities. The OIG audits till date have discovered that the state agency overpaid 13 hospitals, $3.1 million in federal EHR cash. The payment errors were found to be the result of unclear and incorrect patient volume calculations. Further, nearly 80 % of the state’s hospitals analyzed in the audit also failed to comply with federal regulations.

By 2015, OIG will therefore need to leverage data analytics and “forensic enhancements” to investigate the increasingly sophisticated healthcare frauds, including the electronic health records in the process.

The OIG authorities will not only perform audits of various covered entities receiving the EHR, but will also look into factors such as:

  • Identify EHR system fraud and determine if  EHR systems address vulnerabilities
  • Review Medicaid and Medicare EHR incentive payments
  • Analyze the IT security of community health centers funded by the Health Resources and Services Administration.
  • Regular review of the Centers for Medicare & Medicaid Services health information technology systems to cross check on necessary security controls.

Besides these, conducting mock audits will help the healthcare providers to stay prepared to face both pre-payment and post-payment audits. However, it is also prudent for enterprises to implement a comprehensive and an effective solution. Security solution like the Aegify Security Posture Management or Aegify SecureGRC offered by the leading service providers of IT Risk and Compliance management solutions will help the healthcare establishments to achieve meaningful use status with ease, while ensuring a near to nil breach of security protocol.

The post Healthcare Industry gears up to meet the EHR Audits in the New Year appeared first on Aegify.

]]>
https://www.aegify.com/healthcare-industry-gears-for-ehr-audits/feed/ 0
Smart ways to prepare for Possible ‘Meaningful Use’ Audits https://www.aegify.com/prepare-for-possible-meaningful-use-audits/ https://www.aegify.com/prepare-for-possible-meaningful-use-audits/#respond Mon, 03 Nov 2014 10:21:59 +0000 http://www.egestalt.com/blog/?p=824 Information Technology breakthroughs paved way for wide use of Information management systems in the healthcare sector, transforming the healthcare system for improved patient care and cost reduction. However, the increase in patient’s vital information being collected and stored in hospitals and other healthcare establishments, turned as a prime target for cyber criminals causing hospitals to…

The post Smart ways to prepare for Possible ‘Meaningful Use’ Audits appeared first on Aegify.

]]>
Information Technology breakthroughs paved way for wide use of Information management systems in the healthcare sector, transforming the healthcare system for improved patient care and cost reduction. However, the increase in patient’s vital information being collected and stored in hospitals and other healthcare establishments, turned as a prime target for cyber criminals causing hospitals to face increasing data breaches, despite stringent security regulations.

Medical records being shared electronically brought in increased need to ensure data control. Even though the HIPAA Act was enacted, the HITECH Act was further designed to enforce HIPAA regulations and provide tools to standardize the interchange of electronic data and accelerate security and confidentiality of electronic health information. Furthermore, to ensure that the health care providers and their business associates deploy comprehensive electronic health Records (EHR) by 2015 and be compliant to HIPAA, the American Recovery and Reinvestment Act (ARRA) designated $20.2 billion for IT healthcare through the HITECH Act for enterprises, facilitating the “meaningful use” of “certified” electronic medical records.

Government also instituted the “meaningful use” EHR Incentive Program (MU) to ensure more and more health care organizations and providers make use of EHR. With “Meaningful use” describing the benefits of health information technology for improvements in healthcare and secure information exchange among health care professionals, it was necessary for Health Care Organizations and providers to meet the MU criteria every year to receive the incentive. Also every provider who receives an electronic health record (EHR) incentive payment is subject to audits. And according to HITECH Act, healthcare enterprises who have failed to achieve “meaningful use” standard by 2015 would be penalized.

The health care providers should therefore take proactive steps to avoid a Meaningful Use audit, or armed to successfully defend one’s attestations. Experts list out various steps to prepare for a possible audit:

  • Make collection, storing and documentation an ongoing process
  • Store the Meaningful Use documentation in a central location with a proper backup
  • Assign Meaningful Use to a team for continuous monitoring and reviewing of the progress
  • Look for new developments in the Meaningful Use audit process
  • Maintain a minimum of six years documents past attestation
  • Try to avoid and eliminate the red flags that might increase the likelihood of an audit
  • Check patient mix before attesting to Medicaid Meaningful Use
  • have a Meaningful Use audit committee in place
  • Ensure that even the staff identifies and understands Meaningful Use audit letter

Nevertheless, use of Aegify greatly simplifies the method of achieving ‘Meaningful Use’. This cloud based solution is not only easy to use but is also powerful and provides healthcare professionals necessary expertise to assess, analyze, mitigate any risks and be HIPAA and HITECH compliant. Moreover, it also helps doctors and providers to demonstrate meaningful use and helps them secure the federal grants and reimbursements ranging from $44,000 up to $2 Million as per the MU EHR incentive program.

Aegify SecureGRC compliance management has built-in tools for assessment of meaningful use and produces a ready-to-use report for applying for the grant. With a detailed list of risk parameters and controls, Aegify meaningful use reports addresses the requirements of meaningful use across various measures, making it easy for eligible hospitals and providers to apply for grants and meeting the meaningful use objectives.

The post Smart ways to prepare for Possible ‘Meaningful Use’ Audits appeared first on Aegify.

]]>
https://www.aegify.com/prepare-for-possible-meaningful-use-audits/feed/ 0
Understanding Meaningful-Use Audits and ways to withstand it https://www.aegify.com/understanding-meaningful-use-audits/ https://www.aegify.com/understanding-meaningful-use-audits/#respond Fri, 24 Oct 2014 10:45:58 +0000 http://www.egestalt.com/blog/?p=819 As the healthcare industry moved from being paper based to technology dependent, it did so in various areas and created silos of information that was difficult to communicate across offices of other providers. While technological breakthroughs had taken other industries far ahead, the healthcare industry was yet to be completely techno savvy. The concept of…

The post Understanding Meaningful-Use Audits and ways to withstand it appeared first on Aegify.

]]>
As the healthcare industry moved from being paper based to technology dependent, it did so in various areas and created silos of information that was difficult to communicate across offices of other providers. While technological breakthroughs had taken other industries far ahead, the healthcare industry was yet to be completely techno savvy. The concept of ‘meaningful use’ of vital data acted as the catalyst for change in the adoption of technology among the health care organizations.

"Meaningful use" describes the use of health information technology for improvements in healthcare and aims towards information exchange among health care professionals. However, to become "Meaningful users", providers need to demonstrate they’re using certified EHR technology in ways that can be measured significantly in terms of quantity and in quality. Moreover, the providers should know that adopting certified EHR technology helps them to achieve specific objectives such as:

  • Quality, safety, efficiency in health records, and reduction in health disparities
  • Care coordination and public health
  • Privacy and security of Patient Health Information (PHI)
  • Quality research data on health systems

Even though the US government implemented the mandatory requirement of HIPAA and HITECH Act compliance, the stage 1 of meaningful use allowed the existence of electronic medical record vendors to help healthcare professionals meet the government regulations. While most healthcare enterprises used technology to ease out information interchange for the benefit of the patients, there were still large number of medical practitioners and hospitals that had not moved towards the meaningful use program.

The US department of Health and Human Services then set aside a $28 billion stimulus fund as meaningful-use grant. To qualify for these incentive payments the healthcare organizations had to conduct a mandatory security risk analysis in accordance with the requirements under HIPAA regulation and generate meaningful use reports. Besides, the Centers for Medicare & Medicaid Services (CMS) were authorized to cross check them through audits. Since the authorities conduct these audits on the basis of certain red flags that trigger the same, the stakes are high and providers should have a clear idea of what they can expect from meaningful use audits which includes:

  • purpose of the audits- verification of the electronic documents
  • what the audit agencies look for – the suspicious or anomalous data
  • The audit process
  • Electronic or paper documentation that needs to be produced to support attestation

Even if CMS audits only 5% of all providers to ensure meaningful use of electronic health records, this will amount to 20,000 providers. As healthcare provider one is expected to return the entire incentive payment for that year and will also be automatically scheduled for next audit in case of failure even in just one element of a Meaningful Use audit.

To protect from such a high stake situation you can make use of Aegify SecureGRC solutions that will generate a detailed meaningful-use report which includes HIPAA compliance and security gaps. Since Aegify portrays the results of risk analysis by scanning your network, it not only identifies and discovers all HIPAA critical IT assets that capture, process, store or transmit PHI, and their security vulnerabilities but also provide remediation guidance to fix any gaps found.

The post Understanding Meaningful-Use Audits and ways to withstand it appeared first on Aegify.

]]>
https://www.aegify.com/understanding-meaningful-use-audits/feed/ 0
Is Your Patient Data Secure? You Can Ensure That It Is – With These Tips for Successful ‘Meaningful Use’ Security Risk Analysis https://www.aegify.com/tips-for-ensuring-successful-patient-data-security/ https://www.aegify.com/tips-for-ensuring-successful-patient-data-security/#respond Wed, 16 Jul 2014 07:08:56 +0000 http://www.egestalt.com/blog/?p=766 The lesson to be learned from recent audits – security risk analysis is imperative for all health care enterprises. And this is a measure that cannot be taken lightly! The responsibility of protecting confidential patient data rests with healthcare enterprises and not EHR vendors. That is all the more reason why no organization can afford…

The post Is Your Patient Data Secure? You Can Ensure That It Is – With These Tips for Successful ‘Meaningful Use’ Security Risk Analysis appeared first on Aegify.

]]>
The lesson to be learned from recent audits – security risk analysis is imperative for all health care enterprises. And this is a measure that cannot be taken lightly! The responsibility of protecting confidential patient data rests with healthcare enterprises and not EHR vendors. That is all the more reason why no organization can afford to ignore the consequences of a data loss!

Meaningful use‘ risk analysis is critical to your compliance program. Organizations and professionals that fail to conduct a proper risk analysis expose themselves to fines, lawsuits, and loss of incentive funding. A preemptive security risk analysis is thus vital to prevent your healthcare practice from falling victim to a security breach.

Of course meeting this requirement is logical and simple – just embrace the analysis as a way to identify threats and protect electronic health information. Here’s what you can do to ensure that data loss is effectively plugged in breach-prone areas:

Portable devices

Unencrypted patient data on portable devices like a laptop, Smartphone, PDAs are plain disasters waiting to happen! Thefts, stolen devices, unattended devices are common occurrences. Ensure that patient data is encrypted regardless of the device it resides in.

PC desktops

Again, the same worry of unauthorized access. Desktops need to be locked and workstations moved away from the view of people standing in line.

Paper/Fax/Email

To ensure that they don’t get into the wrong hands, all paper records containing patient information need to be shredded. Patient information can be compromised when data is faxed to the wrong number, or emailed to a wrong recipient. Slow down & pay attention.

Children

Take extra care with medical records of patients younger than 18 years. The state regulations vary; so stay abreast of the federal and your state’s rules.

Besides this, you could also adopt a comprehensive platform like Aegify Security Posture Management, Aegify Risk Manager or Aegify SecureGRC. These solutions from eGestalt come with the capability to perform a detailed risk analysis using a sophisticated model, supporting you through the processes of security risk analysis.

The post Is Your Patient Data Secure? You Can Ensure That It Is – With These Tips for Successful ‘Meaningful Use’ Security Risk Analysis appeared first on Aegify.

]]>
https://www.aegify.com/tips-for-ensuring-successful-patient-data-security/feed/ 0