The Regional Extension Center at Southern Regional AHEC offers services to help practices meet the requirement to perform a Security Risk Analysis of their Electronic Health Records. The HIPAA Security and Privacy Rules establish national standards for the protection of medical records and PHI (Protected Health Information). Every hospital, health plan, clearinghouse, physician practice, business associate and ANY organization that holds or manages health information has to conduct a Security Risk Analysis, according to the guidelines issued in 2010 by the Office of Civil Rights (OCR).
The OCR has made it clear that it considers the Security Risk Analysis to be the foundation document that regulators will use to assess compliance with the HIPAA standards, including not only the Security and Privacy Rules, but also NIST Special Publication 800-30, which gives additional guidance on how to handle, manage and protect individual health information. Regulators also use the Security Risk Analysis to validate the organization’s choice of relevant safeguards (controls).
For further assistance or with any questions, please give us a call at (910)-678-7035, or apply with the Regional Extension Center at Southern Regional AHEC.