In all the hype and confusion surrounding HITECH, it's easy to lose sight of the fact that the many technical, administrative, physical and organizational implementation specifications can be summed up in just a few points. Keep in mind that understanding the summary won't get you into compliance; only adherence to the DHHS safeguards will do that. However, the following summary should give you a clear picture of what you are being asked to do.
All the rules can be summarized in a few bullets:
- Know what PHI is out there and understand the risks associated with its disclosure or loss
  - Completed through a risk assessment and the development of a mitigation plan
  - The risk assessment sets the baseline for everything going forward
- Control access to PHI
  - Requires strategic and legal opinion, along with physical and technical implementation
  - Will the practice areas be responsible for defining who can view ePHI?
  - How far down the rabbit hole do you go? Role-based access? Field-level access?
  - How will you lock down access to physical PHI? To electronic PHI?
- Protect it
  - Through technical measures such as encryption, sanitizing media before reuse or disposal, and strong passwords
  - Protect client records through physical security and policies
- Make it available
  - Business continuity and disaster recovery planning for all electronic and non-electronic records
- Document everything
  - Policies, procedures, Business Associate (BA) agreements, and role-based responsibilities
The HyperionGP HITECH Risk Assessment Starter Kit was designed to lay out the actual implementation safeguards and specifications and to help you get started with your compliance efforts. For more information, see http://www.hyperiongp.com/hitech-risk-assessment-starter-kit