HIPAA & HITECH Require Risk Analysis
A key requirement of the HIPAA and HITECH regulations is that covered entities and business associates must conduct a comprehensive and thorough assessment of the potentials risks and vulnerabilities to the confidentiality, integrity, and availability (CIA) of all electronic Protected Health Information (EPHI). These HIPAA and HITECH mandates require that organizations must complete a comprehensive and thorough vulnerability assessment on a regular schedule.
OCR Guidance on HIPAA Risk Analysis
The guidance published by the Office of Civil Rights states that, “Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the Security Rule. Therefore, a risk analysis is foundational…”. Further, OCR states that, “All EPHI created, received, maintained or transmitted by an organization is subject to the Security Rule. The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of EPHI. Risk analysis is the first step in that process.”
ecfirst’s bizSHIELDtm program satisfies this HIPAA requirement.
HITECH Meaningful Use Requirements Include Risk Analysis
Demonstrating Meaningful Use of an Electronic Health Record (EHR) requirement tells organizations that they must, “Implement systems to protect the privacy and security of patient data.” Organizations seeking to demonstrate Meaningful Use must, “Conduct or review a security risk analysis and implement security updates as necessary, and correct identified security deficiencies.”
ecfirst’s bizSHIELDtm program satisfies this HITECH requirement.
bizSHIELD – An ecfirst Risk Analysis Service
ecfirst developed the bizSHIELDtm program to assist Covered Entities, Business Associates, and vendors of Electronic Health Records (EHRs) and Personal Health Records (PHRs) in meeting the requirements of the HIPAA Privacy and Security Rule, The HITECH Act, and all subsequent guidance documentation and settlement agreements.
As a part of the bizSHIELDtm program, ecfirst will list every requirement of the HIPAA Security Rule including every Safeguard, Standard, and Implementation Specification in a risk analysis format that identifies an organization’s state of compliance with the requirement, recommended remediation activity, and associated risk priority. All remediation activities will be listed according to recommended implementation time bands in the bizSHIELDtm Corrective Action Plan (CAP) table. The bizSHIELDtm report is an actionable, documented risk analysis that provides both in depth and executive summary level findings appropriate to all audiences from administrators to the Board of Directors.
Privacy Gap Assessment Service
bizSHIELDtm helps an organization to understand, improve, or verify their compliance with the HIPAA Privacy Rule. bizSHIELDtm provides both summary and detailed compliance information as well as all necessary remediation activities pertinent to the organization’s business model. bizSHIELDtm will enable an organization to quickly determine the state of compliance, needed remediation, and will list actionable steps to achieve compliance.
HITECH Data Breach Service
Under the HITECH Data Breach Rule, organizations are required to take steps to prevent, identify, report, and remediate data breaches of unsecured information. The ecfirst TRACER solution will document the ability of the organization to detect a breach, review the incident management policy and procedures, and make recommendations. In addition, organizations will receive a HITECH Data Breach policy and several Data Breach procedures to ensure compliance, should a breach happen.
About ecfirst, Home of The HIPAA Academy
Devoted To Our Clients. Delivering with Passion.
ecfirst, Home of The HIPAA Academy™, is a leader with rich hands-on experience delivering world-class services in the areas of:
- Security regulatory compliance solutions (HIPAA, HITECH Act, PCI DSS, NIST and ISO 27000 Standards, State Regulations)
- Compliance training and certification
- HITECH data breach and incident response management
- End-to-end Meaningful Use EHR Stage 1 objective driven services including gap assessment, risk analysis, reporting and more
- Health Information Technology (IT) services including On-Demand Consulting (starting @ 40 hours), Management Compliance Services Proposal (MCSP), IT professional staffing and project management, customized portal development and security technology implementation
Compliance and Training Certification
ecfirst, home of the HIPAA Academy™, offers the gold standard in compliance training and certification. The HIPAA CHATM and CHP certifications are the only certifications recognized in the Industry. The ecfirst Certified Security Compliance SpecialistTM (CSCSTM) Program is the first and only information security program that addresses all major compliance regulations from a security perspective.
ecfirst delivers world-class information security and regulatory compliance solutions. With over 2,000+ clients, ecfirst was recognized as an Inc. 500 business – America’s Top 500 Fastest Growing Privately Held Business in 2004 – our first year of eligibility. ecfirst serves a Who’s Who client list that includes technology firms, numerous hospitals, state and county governments, and hundreds of businesses across the United States and abroad. A partial list of clients includes Microsoft, Symantec, HP, McKesson, EMC, IBM, Principal Financial, U.S. Army, U.S. Dept. of Homeland Security, U.S. Dept. of Veterans Affairs and many others.
Regulatory Compliance Practice
The ecfirst Regulatory Compliance Practice delivers deep expertise with its full suite of services that include; HIPAA Privacy Gap Analysis, Meaningful Use Risk Analysis, HITECH Data Breach, Technical Vulnerability Assessment, Policy and Procedure Development, Disaster Recovery Planning, On-Demand Consulting, as well as managed security and IT infrastructure solutions.
ecfirst combines state of the art tools, the highest credentialed staff, and reporting that maximizes value, efficiency, and information for our clients to deliver the industry’s best technical vulnerability assessments.
Critical ecfirst differentiators include:
- Home of The HIPAA Academy™ – First in the healthcare industry with the Certified HIPAA Professional (CHP) and Certified Security Compliance Specialist™ (CSCS™) programs
- Highly credentialed professional consulting team with expertise in HL7, ICD-9/10, HIPAA, HITECH, Meaningful Use
- Deep experience in the healthcare industry
- Compliance based vulnerability assessments
- Executive dashboards that may be tailored for senior management to highlight critical findings
Talk to ecfirst and you will find an organization that is passionate about the services we deliver and exceptionally devoted to its clients. We deliver value with intensity and are paranoid about our performance for your organization.