By Carol Amick, manager of healthcare services, CompliancePoint.
Carol Amick
According to the United States Department of Health and Human Services, approximately 70 percent of organizations are not HIPAA Compliant. The Health Insurance Portability and Accountability Act, known as HIPAA mandates industry wide standards for healthcare information and electronic billing, and requires protection as well as confidential handling of protected health information.
According to HIPAA rules, any company that deals with protected information must have a physical network and process security measures that are followed to ensure compliance. It may be safe to say that many organizations are still perplexed about HIPAA audits, enforcements and compliance. As a result, the number of organizations that fail to meet compliance each year remain the majority. To begin understanding compliance, healthcare organizations would be wise to consider three key recommendations.
Analyze the past, to avoid making the same mistake twice
It is important for hospitals and healthcare facilities to look at some of the common mistakes that are repeatedly noted in HIPAA security reviews. HIPAA states that out of all the reviews completed, there are a number of frequent compliance violations and issues that are found each year. This includes impermissible uses and disclosures of protected health information, lack of safeguards to protect health information, lack of patient access to their personal health information, lack of administrative safeguards on electronic protected health information, and use or disclosure of more than the minimum protected health information. Protecting valuable data by analyzing past mistakes is an important step in the compliance process.
Perform a risk assessment and GAP analysis
One preventative measure in assessing an organization’s compliance with HIPAA is a risk analysis and a GAP analysis. The confusion and lack of understanding around the two examinations has been common among healthcare professionals in the marketplace for some time. Not understanding the differences can be detrimental to an organization, and puts them at a significantly higher risk. According to HHS and OCR guidelines, all healthcare organizations must specifically conduct a risk analysis to be deemed within HIPAA compliance.
A HIPAA GAP analysis can be used to measure the organizations information security standing against HIPAA, which is part of HHS audit protocol. Comparing the organization’s current practices to the HHS OCR audit protocol will identify the strengths and weakness of the security program. From there, the organization can determine whether they have reasonable and appropriate administrative, physical and technical safeguards in place to protect patient health. Performance of the GAP analysis also allows the organization to develop an audit response toolkit, which includes the data and documentation that would be able to support compliance with the HIPAA regulations to regulatory agencies.
Running a healthcare facility is a herculean task even with the most experienced staff. Most studies on the state of healthcare industry decry the high cost of equipment maintenance and it is also the greatest challenge that every hospital administrator deals with. Breakdown of hospital equipment can lead to fatalities and this is why you need to leverage preventive maintenance software to avoid legal issues and costly repairs.
Computerized maintenance management system (CMMS) will help reduce hemorrhage of hospital revenues through unforeseen equipment breakdowns. This system is used to schedule preventive maintenance at the healthcare facility thus avoiding downtime of the machines. With this software, all of the hospital’s assets are tracked and monitored and all of this information is presented on one single dashboard. As the facility manager, you have instantaneous access to information about the condition of all the equipment. With such access to information the maintenance procedures are easier to execute, which saves the institution from financial loss and also improves the quality of patient care provided.
To appreciate why you should invest in such a maintenance system, consider the folowing benefits:
Improved Patient Care
The patients are the top priority in a healthcare facility and as such all efforts should be directed towards providing quality care. By adopting the CMMSsoftware, you will have preventive measures in place in case of equipment failure. The health of patients is in your hands and situations such as power outages and equipment failure must be averted, as they can result in fatalities. You are able to come up with contingency plans in case of emergencies and the system also helps in case of evacuations. By providing for real-time communication between members of staff, this software improves the level of service offered at the facility.
Improved Asset and Inventory Management
A vast healthcare facility receives lots of supplies daily, and these are crucial in offering appropriate health services. Tracking all these supplies manually is very tricky and tedious, but with an automated system you can keep track of what is available and what needs to be replenished, quite easily. You can also monitor which departments are consuming more supplies and make relevant decisions based on such information. This system also helps you keep track of the equipment in the facility. If there are any due repairs, it is easier to alert the concerned parties to avoid downtime.
Risk Assessment
A hospital environment provides unique challenges and risk assessment is crucial to avoid accidents. The best maintenance management software also enables you to assess the potential risks in any project and equipment. By receiving such information beforehand, you are able to preempt any risks and avoid accidents. You can also carry out quality safety inspection to ensure every department is prepared for any unanticipated risks.Continue Reading
Guest post by Lysa Myers, security researcher, ESET.
Risk assessment is something we all do, every day, in healthcare and in our daily lives. Consider crossing the road. Should you cross at the lights? Can you trust the traffic to obey the lights? Doctors perform risk assessments when prescribing medications or evaluating a patient for an operation. Unfortunately, risk assessment for electronic health records (EHRs) is not fully understood or implemented by some healthcare organizations, especially smaller facilities that lack dedicated IT or security staff. Yet, this type of risk assessment is increasingly important to the success of healthcare-related businesses.
How do you proceed if your organization lacks the expertise to complete an EHR risk assessment? Because this is such a complex topic, the answer to that question could easily fill volumes. But we all have to start somewhere, so I will provide a basic description to steer you in the right direction to do more in-depth research on your own.
How to do an EHR risk assessment
There are four basic steps – the time and effort they require depends upon the size and complexity of your organization, and the thoroughness of your assessment. You may wish to do your assessment in multiple passes over time, getting more in-depth as you go. This turns a huge headache that must be dealt with all at once into something more manageable that can be revisited to keep up with changes as they occur.
