Addison Internal Medicine has spent a decade working toward what it is today: a premier destination...

Do you have procedures in place to protect patient information, mitigate security risks, and address security breaches if/when they occur?
If not, your practice is like a compliance time bomb waiting to explode. Patient information security should be a high priority - compliance issues can easily lead to fines, reputational damage, and legal trouble.
To make sure patient information is as secure as possible, you should be performing regular security risk assessments for your practice. While you can run these internally, it’s very easy to overlook major issues, which is why many practices have an experienced third party perform risk assessments on their behalf.
A typical security risk assessment performs three functions:
Upon completion, a typical security risk assessment report will provide recommendations for mitigating security risk and monitoring results. Your report will include the following items for review:
Security risk assessments are required by HIPAA. Regular assessments help ensure compliance with all safeguards to protect your patients’ information.
Vulnerabilities can lead to breaches of sensitive information, which have the following repercussions listed by HIPAA:
Note: It’s crucial to address identified issues ASAP, especially if you participate in the MACRA programs (MIPS & APMs). During an audit, your most recent security risk assessment will be one of the first things they’ll ask for.
Risks come from insecure processes, people, or technology. Here are some basic steps you can take to ensure compliance:
If you work with a risk assessment expert, you’ll receive personalized recommendations based on your full assessment.
Below are some common questions you may find in a security risk assessment for physician practices. You can start by reviewing these questions internally, but it is highly recommended that you get an assessment from an objective, experienced third party to ensure compliance.
Download a PDF version of this sample HIPAA security risk assessment here.
Want more info about compliance & liability reduction? Check out this related post on OIG Exclusion Lists, or visit our page on Healthcare Compliance & Liability Reduction Services.
Addison Internal Medicine has spent a decade working toward what it is today: a premier destination...
Although it’s never easy, there are times when terminating a patient from a medical practice is...
Research shows that today’s average medical practice overhead is actually between 60% and 70%....
7 Use Cases of Healthcare AI to Improve Office Workflow Management
You don't have to look far to see the use cases of AI in healthcare – diagnostics, robotic surgery,...
Here’s the bottom line: you’re wasting time and money doing your own credentialing. Find out how to...
The Electronic Medical Record (EMR) system is designed to provide comprehensive, up-to-date...
Social media has become an integrated part of today's world, and it is no surprise that it plays an...
What’s in a name? It turns out that names are very powerful, especially when you’re selecting a...
The Physician Self-Referral Law, commonly referred to as the Stark Law, is a federal law passed in...
Healthcare professionals regularly find themselves struggling to find the best ways to help...
Leave a Comment