The Short Overview
Who is Covered by the Security Rule
- You are if you store and/or transmit any patient data electronically
Business Associates
- They are working on this.
What Information is Protected
- Any and all patient data that is electronically stored. Oh, paper files too.
General Rules
- If patient information is lost or stolen, they are going to ask you why, at a minimum
Risk Analysis and Management
- A practice has to document how it has reviewed and implemented records security
Administrative Safeguards
- A practice needs a security manager who is responsible for records security and employee awareness/compliance
Physical Safeguards
- Restricted physical access to all means of accessing electronic records, including mobile devices
Technical Safeguards
- Firewalls, authentication, user rights, access tracking, anti-virus/malware and so on...
Required and Addressable Implementation Specifications
- Required implementation specifications are just that, and they can get you on the addressable ones too
Organizational Requirements
- This is where you are required to take “reasonable steps”, and it is wide open as to what they can call “reasonable”
Policies and Procedures and Documentation Requirements
- More “reasonable” as to how you document employee information, systems configurations and all manner of those required and addressable security specifications
State Law
- Each state can add its own set of requirements and regulations to enhance the federal law.
Enforcement and Penalties for Noncompliance
- No one wants to go here and we will do our best to keep you out of it.
Compliance Dates
Now!!
We Do All Of This For Your Practice