HIPAA security risk assessment tip: Consider outside help
HIPAA Weekly Advisor, May 17, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
The HIPAA Security Rule requires a covered entity to conduct a risk assessment.
To save money, try to do your risk assessment yourself first, says Frank Ruelas, director of compliance and risk management at Maryvale Hospital in Phoenix and principal of HIPAA Boot Camp in Casa Grande, AZ. If you’re uncomfortable conducting the first risk assessment alone, hire someone with well-established credentials.
Margret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, CPHIE, FHIMSS, president of Margret\A Consulting, LLC, in Schaumburg, IL, says an outside set of eyes helps determine where an organization’s vulnerabilities lie.
Someone from outside the organization can bring people together and complete a comprehensive assessment, looking at both privacy and security needs, she says.
Organizations should consider their choices carefully, Amatayakul says. It’s possible to spend thousands of dollars purchasing unnecessary items. For example, one hospital wanted a vulnerability scan that ultimately would not do what the hospital wanted, she says.
Editor’s note: The preceding is an excerpt of an article in the April 2010 issue of the HCPro, Inc. newsletter, Briefings on HIPAA. See next week's HIPAA Weekly Advisor for more tips.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched