Healthcare IT Security

How Risk Analysis can Improve Security Regulations

Written by Ronny Bachrach on March 26, 2014. Posted in Digital Radiography and PACS

As medical imaging improves through the advancement of information technologies, health care organizations have to contend with the regulatory requirements of protecting patient data. It is not a simple matter of implementing secure logins and security pathways, as a detailed and thorough Risk Analysis is necessary to determine any potential flaws in the system. This is an integral component of any practice’s privacy standards.

According to Joy Pritts, chief privacy officer of the Office of the National Coordinator for Health Information Technology, analyzing and managing risk is essential for practices to develop and follow a strategy for protecting the confidentiality and availability of patient health information stored on Electronic Medical Records Software. “If you don’t do a security risk analysis, it’s really doubtful that you’re going to be able to comply with the other elements of the [HIPAA] Security Rule, because this is really the core requirement: that you know what’s in your systems and how you’re going to protect them,” she said, as quoted by AuntMinnie.com.

Creating a plan
Risk analyses and security assessments are required not only by HIPAA, but also by the EHR incentive program established by the U.S. Centers for Medicare and Medicaid Services. While the standards lay out the principles needed to adhere to government guidelines, they do not include specific protocols or planning instructions for health care providers to follow.

Advance Healthcare Network reported that to date, 682 organizations and 156 health care business associates have accidentally revealed protected health information, with serious damage to public reputation and financial penalties for the violations. Despite the overwhelming threat of consequences, many providers have yet to conduct a rigorous analysis of risks within their practices, including in Diagnostic Radiology.

Jonathan Coleman, principal of the consulting firm Security Risk Solutions, suggested eight steps to carry out an analysis for security risks, as reported by AuntMinnie.com. They include:

  1. Identify the target: All electronic PHI within the organization.
  2. Collect data: Identify where PHI is maintained or transmitted.
  3. Seek out and flag potential threats: Identify plausible scenarios, such as unauthorized access to the network and systems.
  4. Examine the current system for vulnerabilities: Find any weaknesses in security.
  5. Decide on the likelihood of threats: The probability that a threat will take advantage of any vulnerabilities.
  6. Determine the possible impact: In all categories of the practice, including legal, financial, customer confidence, productivity, and more.
  7. Label the risk level: Come up with a risk matrix for threats.
  8. Develop proper security measures and documentation: Rank risks in terms of potential impact and design protocols for mitigating threats and reporting them to HIPAA.

Ronny Bachrach

Marketing Director at Viztek LLC
Responsible for all marketing activities, including press, advertising, trade show coordination, website management, and dealer and customer communications.