Home Health & Hospice Week
Consider Important Factors When Assessing HIPAA Risk
Using collected info can help you sidestep serious security problems. Regs and tools provided by the feds may offer helpful guidance, but it’s still easy for providers to get lost in the maze of HIPAA risk analysis. For example: The type and size of your organization factors into how you’ll assess and identify risks — and may determine how you’ll implement the necessary changes. Plus, financial and employee constraints may impact how much of your budget or workforce will go toward your HIPAA Security Rule compliance planning and management. “Most organizations, regardless of size, struggle to properly scope the environment they’re evaluating,” cautions Jen Stone, principal security analyst with Security Metrics in Orem, Utah. “Under the HIPAA Security Rule, we care most about protecting ePHI, so the scope should include anywhere ePHI is created, received, transmitted, or stored. It’s important to remember networks and systems that have the ability to communicate with the primary scope as well.” Pinpoint Your Risks Before Analyzing A common theme runs through many of the HHS Office for Civil Rights settlements, especially among data security breaches. Covered entities (CEs) or their business associates (BAs) missed opportunities to better address their vulnerabilities at various levels of assessment, logging, monitoring, and testing. Remember, before you can analyze your risks, you must collect the data and that requires mechanisms for identifying threats. “In general, most risk analysis frameworks consist of gathering information about the data and systems being evaluated, listing the threats and vulnerabilities related to them, assigning values to the likelihood and impact of a threat successfully executing against a vulnerability, and developing a prioritized list of risks based on these inputs,” Stone says. Mapping out an action plan will help you form the risk analysis that’s best for your organization. Moreover, outlining your objectives not only will help you improve security but will give you an idea of what the overall cost will be from the fiscal to the professional. “The analysis needs to be deep enough to provide a view into the security evaluation, direction, necessary corrections, [and] things to be watching, so that a reasonable, prioritized, actionable list of tasks can be created,” explains Jim Sheldon- Dean at Lewis Creek Systems in Charlotte, Vermont. Sheldon-Dean maintains that a good risk analysis provides a picture of these elements: “a) the strength of security controls versus the threats; b) the overall direction and momentum in improvements to security; c) what should be done to improve security or correct deficiencies; and d) an indication of what needs to be monitored and reviewed on a regular basis to ensure continued and improving security.” He adds, “The issues should be sorted into a kind of a ‘fix this now,’ ‘fix this when you reasonably can,’ and ‘keep your eye on this’ set of priorities.” Critical: Evaluating your organization’s data security and keeping up with risk analysis is just the first step. Using the information to improve data security and implement policies that safeguard ePHI is an essential step in the process, Stone says. “Unfortunately, there are organizations that perform risk analyses but fail to put measures in place to address risk. Even though it can seem overwhelming, organizations should not just have a plan to mitigate risk, they also need to work the plan,” she warns.
Home Health & Hospice Week
- Compliance:
Beware These Challenges To Telehealth Reporting Compliance
Manual coding could introduce errors. The new requirement to report home health telehealth services and [...] - Reimbursement:
Follow These 9 Tips To Ace New Telehealth Requirement
Pointer: Check out clarifications issued by HHH MACs. Whether you’ve got a full blown telehealth [...] - Telehealth:
3 New Codes Make Up Your Telehealth Billing Toolkit
Here’s what to do when more than one discipline uses remote patient monitoring info. Make [...] - COVID-19:
Say Goodbye To Provider Relief Funds
Debt ceiling agreement abruptly ends COVID relief program. If you haven’t received Provider Relief Fund [...] - HIPAA:
Consider Important Factors When Assessing HIPAA Risk
Using collected info can help you sidestep serious security problems. Regs and tools provided by [...] - Hospice:
California, Oregon Get New Hospices
Meanwhile, Georgia hospice facility closes its doors. Crescent City in the northern part of California [...] - Industry Notes:
Tune Into New VBP Educational Live Stream
First IPR is nearly here. Now that you’re nearly halfway through your first performance year [...] - Industry Notes:
Medicare Spending To Trend Up
Don’t be surprised if and when lawmakers start looking anew for places to cut the [...] - Industry Notes:
Keep An Eye Out For Opportunities With New Primary Care Model
Keep an eye on a new Medicare primary care-focused demonstration project, which may affect hospice [...] - Industry Notes:
No Surprises Act Outreach Kicks In
Hearing more from patients regarding the No Surprises Act shouldn’t take you unawares. Recap: “The [...] - Industry Notes:
Therapy Telehealth, Palliative Care Bills Introduced
Two new bills would make providers’ lives easier if passed. The Expanded Telehealth Access Act [...] - Industry Notes:
Companies Link Over Hospice VBID
VNS Health and Compassus will manage the Hospice Benefit Component for several thousand Medicare Advantage [...] - Industry Notes:
HH Chain, Referral Platform Partner
Elara Caring is partnering with A Place for Mom to provide personal care services to [...] - Industry Notes:
Union Touts HH Successes
Union members at Olympic Medical Home Health in Port Angeles, Wash., voted “yes” on a [...]
