"
Having a second set of eyes on our network by a team with great credentials helps me to sleep better at night and makes it easier to meet HIPAA compliance."
Health Fitness Corporation

Health Fitness

Healthcare - HIPAA/HITECH

"The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules."
Department of Health and Human Services (www.HHS.gov)
What You Need to Do How Redspin Can Help
Meaningful Use Stage 1 Core ObjectiveProtect Electronic Health Information

Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.

Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. 		HIPAA Security Risk Analysis
HIPAA Security RuleAdministrative Safeguards (45 CFR 164.308(a)(8)) Evaluation. Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and subsequently in response to environmental or operational changes affecting the security of electronic protected health information that establishes the extent to which an entity's security policies and procedures meet the requirements of this subpart. HIPAA Gap Analysis

The healthcare IT landscape is changing fast. Through government sponsored incentive payments, the 2009 HITECH Act promotes the adoption and "meaningful use" of healthcare IT — in particular the migration to electronic health records (EHR) to enable greater access to and sharing of patient health information among providers, patients, payers and employees.

But along with easier access and information-sharing over data networks comes an increased risk of privacy breach, data theft or cyber-attack. These increased privacy and security concerns have already been reflected in several provisions that strengthen the civil and criminal enforcement of the HIPAA rules. And "meaningful use" incentive payments (at least for Medicare incentives) are also directly tied to increased IT security. For example, before submitting a stage 1 meaningful use application, a provider must attest that they have performed a HIPAA Security Risk Analysis.

Registration for the EHR meaningful use incentive program began on January 3, 2011 and first payments will be received as early as May 2011. Final rules regarding breach notification, enforcement and modifications to the privacy and security provisions to HITECH and HIPAA will also be published in early 2011.

In summary, two things are clear. First, the healthcare industry's migration to EHR will enable providers to deliver better care more efficiently. And second, IT security will become a critical success factor in every health organization's future. Everyone stands to gain in this prodigious shift, but no one can afford to lose.

Additional Redspin Services

Infrastructure Penetration Testing
Application Penetration Testing
Social Engineering Testing

Twitter Facebook