Sometimes healthcare regulations can seem like a moving target, constantly evolving and changing as we work to keep up with our increasingly connected world. Even in an environment of change, there are some constant trends, including the importance of protecting patient privacy and rights through an annual review of compliance with the HIPAA Privacy and Security rules, more commonly referred to as a Security Risk Analysis (SRA).
As healthcare becomes more technologically advanced, more emphasis is being placed on the importance of conducting a comprehensive SRA. In fact, recent Office for Civil Rights (OCR) audits will specifically review the SRAs of both Covered Entities and Business Associates. In June, Catholic Health Care Services of the Archdiocese of Philadelphia (a Business Associate) was fined $650,000 by Health and Human Services (HHS) for failure to conduct an “accurate and thorough” SRA. Just this month, we saw HHS issue a record $5.5 million fine to Advocate Health Care Network in part because of failure to conduct an appropriate Security Risk Analysis.
Jocelyn Samuels, Director of the OCR, emphasized the importance of a robust Security Risk Analysis, stating, “We hope this settlement sends a strong message to Covered Entities that they must engage in a comprehensive risk analysis and risk management to ensure that individuals’ ePHI is secure. This includes implementing physical, technical and administrative security measures sufficient to reduce the risks to ePHI in all physical locations and on all portable devices to a reasonable and appropriate level.”
What’s your liability limit? Are you willing to accept penalties of $650,000, or $5.5 million, as we’ve seen in these cases for failure to complete a strong SRA? Many organizations conduct their SRA in-house in an effort to check off a box to meet Meaningful Use program requirements. But is that the best option for you given the importance of compliance? As healthcare data experts, ScanSTAT Technologies offers a comprehensive HIPAA compliance solution, which includes a team of experts conducting your Security Risk Analysis for you.
If you’d like to learn more about the ScanSTAT Security Risk Analysis solution, please email Kathryn Ayers Wickenhauser, our Meaningful Use / HIPAA Compliance Consultant at Kathryn.Wickenhauser@ScanSTATTechnologies.com. Kathryn will provide a customized quote based on your total number of employees (including providers).