12 Things Every Medical Office Practice Administrator Ought To Know About HIPAA

Our competition hands you a report and leaves;
we hand you a report and are just starting.

  1. Data Breach prevention, by securing your network and business, will lead to HIPAA and Meaningful Use compliance.
  2. Data Breach prevention is also smart business, since the average cost of a data breach in 2013 was $201 per patient record. Multiply your number of patient records times $201 to estimate the cost of a data breach to your practice.
  3. A HIPAA breach was the basis for a successful malpractice suit.
  4. You were required to complete your first HIPAA Risk Analysis in 2005. A Security Risk Analysis (SRA) is NOT optional – it is required.
  5. If you attested to Meaningful Use, you were required to complete a HIPAA Risk Analysis prior to attestation, and to remediate your risks during your reporting period.
  6. Like a diagnosis without a blood test or x-ray, an accurate risk analysis cannot be complete without understanding what is going on “under the skin” of your computer network.
  7. A Risk Analysis must be updated whenever there are major changes in your organization, such as implementing a new EHR, loss of a Partner, or moving the business to a new location.
  8. Policies and Procedures are not enough for compliance – Health and Human Services (HHS) wants documented evidence of compliance.
  9. Every organization except one subjected to an Office of Civil Rights (OCR) investigation that resulted in a Resolution Agreement (RA) and Corrective Action Plan (CAP) was cited for failure to perform a proper Security Risk Analysis. The one that had done a risk analysis was penalized for documenting risks but not mitigating them.
  10. 68% of the organizations audited in 2012 had adverse findings regarding the Risk Analysis.
  11. You had to sign new Business Associate Agreements (BAA) with all of your Vendors by September 22, 2014 that comply with the Omnibus Rule changes from January of 2013.
  12. A Data Breach generally opens the door for an audit from OCR, and the first thing they are going to ask for is… a copy of your current Risk Analysis.

Computer Networks Inc. has partnered with Semel Consulting (www.semelconsulting.com), leading experts in Risk Analysis and HIPAA compliance, to offer you:

  • Security Officer Services for the entire year
  • A thorough and professional Security Risk Analysis
  • Policies, Procedures and Documentation
  • Guidance and a roadmap to achieve and maintain HIPAA compliance

Every day you refer your Patients to board certified specialists. Shouldn’t you consider a specialist for helping you with your Risk Analysis?

Doctors know they should not treat themselves

The federal government says “doing a thorough and professional risk analysis that will stand up to a compliance review will require expert knowledge that could be obtained through services of an experienced outside professional.” http://www.healthit.gov/providers-professionals/top-10-myths-security-risk-analysis