Six steps to improve HIPAA security audits
Health Care Auditing Strategies, March 1, 2008
This is an excerpt from a member only article. To read the article in its entirety, please login.
If you are not on CMS' list of potential PricewaterhouseCoopers (PwC) HIPAA audits, be thankful. But take the time to consider how well you would perform if such an audit were to take place at your hospital. "It's a good idea to take a close look at what you're doing now to make sure that you are in compliance, because this is something that is serious," says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR.
Use the following six steps to audit your HIPAA security and better ensure that your hospital is in compliance with the rule:
1. Perform a risk analysis.
A risk analysis forms the basis for any sound security program, Apgar says. In a risk analysis, first inventory all of your organization's assets, including people, data, hardware, software, facilities, etc.
From these assets, determine which are the most important to maintaining your organization's security and business operations. Then analyze these vital assets to determine vulnerabilities and threats.
This is an excerpt from a member only article. To read the article in its entirety, please login.
Comments
0 comments on “Six steps to improve HIPAA security audits ”
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Compliance Monitor
This HTML e-mail newsletter delivers news on Medicare and Medicaid fraud and abuse, as well as recent documents and targets...
-
Medicare Weekly Update
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Medicare Update for Physician Services
Medicare Update for Physician Services is a free, monthly e-zine that delivers news and information to help physician...
Most Popular
- Articles
-
- HIPAA Q&A: Level of encryption needed for email
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Identify potential Medicaid RAC target areas
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- Q&A: Acute respiratory failure diagnosis does not require intubation
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- HIPAA Q&A: Level of encryption needed for email
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- CMS has reformulated payments for some bilateral procedures
- Oxygen Cylinder Storage Requirements
- Q&A: Acute respiratory failure diagnosis does not require intubation
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Understand the spine to code back procedures correctly
- Catch up on what's new with injections and infusions
- Hospitals are not bound by InterQual criteria for determining patient status
- Searched