HIPAA Security Risk Analysis...Are You One Of The 3,300?
HIPAA Security Risk Analysis…Are You OneOf The 3,300?Get er Done!I’m referring of course to the HIPAA Security Risk Analysis requirement of the Stage 1 EHR Meaningful UseIncentive Plan. Between 85%-90% of the 5,000+ eligible hospitals say they plan to qualify for Stage 1, yetdata from the Centers for Medicare &Medicaid Services shows less than 25% have attested and receivedpayment as of November 30, 2011. So for the 3,300 or so other hospitals – this is no time to procrastinate.Time flies, whether you’re having fun or not. You’ll need to plan your 90-day qualification period and be readyto attest before the 2012 deadline. Don’t let the HIPAA Security Analysis become “the tall pole in the tent.”If the $4 million dollars ($2m Medicare, $2m Medicaid) is not enough of an incentive, don’t forget that the newFederal HIPAA compliance and audit program has begun. The Department of Health and Human Services’Office for Civil rights announced the specifics of the audit program last year, fulfilling the mandate from theHITECH Act (part of the overall ARRA bill passed in 2009). 150 organizations will be audited in 2012 by KPMG(under contract with OCR) and the first 20 covered entities have already been selected and notified.Although the primary goal of the audit program is security improvement, significant corrective action and civilmonetary policies resulting from these audits have not been ruled out. As Leon Rodriguez, OCR’s new chief,likes to say “enforcement improves compliance.” OCR officials have suggested that most of the remainder ofthe audits will be conducted in the 2nd half of 2012. Even more reason for hospitals to get their HIPAA SecurityRisk Assessments completed as soon as possible. Better to have had a run-through with a 3rd party, objective,IT security assessment company of your own choosing and taken corrective action before the federal auditorsarrive.Lastly, some hospitals put off allocating resources to meaningful use efforts in 2011 until their individual stateshad begun their Medicaid EHR Incentive Programs. But the 2012 national landscape already looks muchdifferent. 41 of 50 states have now launched their programs with another 5 or 6 to commence in Q1/2012. In alllikelihood, all 50 state programs will be in place and making payments by July 2012.Written by Dan Berger, President and CEO WEB PHONE EMAIL WWW.REDSPIN.COM 800-721-9177 INFO@REDSPIN.COM