Talk to a Security Expert Now: (800) 721-9177

HIPAA Security Risk Analysis. – Are You One Of The 3,300?

Get ‘er Done!

I’m referring of course to the HIPAA Security Risk Analysis requirement of the Stage 1 EHR Meaningful Use Incentive Plan. Between 85%-90% of the 5,000+ eligible hospitals say they plan to qualify for Stage 1, yet data from the Centers for Medicare & Medicaid Services shows less than 25% have attested and received payment as of November 30, 2011. So for the 3,300 or so other hospitals – this is no time to procrastinate. Time flies, whether you’re having fun or not. You’ll need to plan your 90-day qualification period and be ready to attest before the 2012 deadline. Don’t let the HIPAA Security Analysis become “the tall pole in the tent.”

If the $4 million dollars ($2m Medicare, $2m Medicaid) is not enough of an incentive, don’t forget that the new Federal HIPAA compliance and audit program has begun. The Department of Health and Human Services’ Office for Civil rights announced the specifics of the audit program last year, fulfilling the mandate from the HITECH Act (part of the overall ARRA bill passed in 2009). 150 organizations will be audited in 2012 by KPMG (under contract with OCR) and the first 20 covered entities have already been selected and notified.

Although the primary goal of the audit program is security improvement, significant corrective action and civil monetary policies resulting from these audits have not been ruled out. As Leon Rodriguez, OCR’s new chief, likes to say “enforcement improves compliance.” OCR officials have suggested that most of the remainder of the audits will be conducted in the 2nd half of 2012. Even more reason for hospitals to get their HIPAA Security Risk Assessments completed as soon as possible. Better to have had a run-through with a 3rd party, objective, IT security assessment company of your own choosing and taken corrective actionbefore the federal auditors arrive.

Lastly, some hospitals put off allocating resources to meaningful use efforts in 2011 until their individual states had begun their Medicaid EHR Incentive Programs. But the 2012 national landscape already looks much different. 41 of 50 states have now launched their programs with another 5 or 6 to commence in Q1/2012. In all likelihood, all 50 state programs will be in place and making payments by July 2012.

Leave a Reply

Your email address will not be published. Required fields are marked *