Q&A: You've got questions! We've got answers!
Physician Practice Insider, May 16, 2017
Submit your questions to Editor Karen Long Rayburn at klong@decisionhealth.com, and we will work with our experts to provide you with the information you need.
Q. Since our last risk analysis, we’ve added a patient portal. Do we need to include the patient portal in our risk analysis?
A. Yes, because it represents a potential threat to your patient’s protected health information (PHI). When you make any significant change to your IT infrastructure or make any major changes to your business or clinical practices, it’s recommended that you assess the risk before the change and after the change. If a risk analysis was conducted within a year of that change, there isn’t a reason to completely redo the risk analysis, though. A full risk analysis should be conducted annually, especially if you’re receiving Meaningful Use (MU) dollars.
When systems change, like adding a patient portal, it’s a good idea to assess what those changes mean as it relates to risk and mitigate identified risks before making the change. After the change is made, check to make sure the risks you identified and addressed were actually mitigated and that no new risks arise that could threaten your patient’s PHI. This should be included as a process in your risk management program. A risk management program is sound security practice and is a HIPAA and MU requirement.
Editor’s note: This question was answered by Chris Apgar, CISSP. Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are that of the author and do not represent HCPro or ACDIS. Email your questions to Editor Karen Long Rayburn at klong@decisionhealth.com.
Related Products
Most Popular
- Articles
-
- FDA says to decrease reuse of devices, CMS removes some blanket waivers
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Practice the six rights of medication administration
- Nursing responsibilities for managing pain
- Prevent dehydration with nursing interventions
- Q&A: Primary, principal, and secondary diagnoses
- Steps for maintaining patient privacy
- The consequences of an incomplete medical record
- Know the medical gas cylinder storage requirements
- E-mailed
-
- FDA says to decrease reuse of devices, CMS removes some blanket waivers
- Understand the spine to code back procedures correctly
- Refine the terms: Understand unbilled accounts and DNFB
- Q/A: Correct use of modifier -PT
- Q/A: Coding for wound care with no-cost skin substitute
- Q&A: Use yes/no queries to resolve surgical complication questions
- Proper coding for polyp removal
- Expirations on standing orders
- Developing a Fall-Prevention Program
- Clinically Speaking: Check CDI efforts related to functional quadriplegia
- Searched