The Short Overview

The Full Overview

Who is Covered by the Security Rule

  • You are if you store and/or transmit any patient data electronically

Business Associates

  • They are working on this.

What Information is Protected

  • Any and all patient data that is electronically stored. Oh, paper files too.

General Rules

  • If patient information is lost or stolen, they are going to ask you why, at a minimum

Risk Analysis and Management

  • A practice has to document how it has reviewed and implemented records security

Administrative Safeguards

  • A practice needs a security manager who is responsible for records security and employee awareness/compliance

Physical Safeguards

  • Restricted physical access to all means of addressing electronic records, including mobile devices

Technical Safeguards

  • Firewalls, authentication, user rights, access tracking, anti-virus/anti-malware and so on

Required and Addressable Implementation Specifications

  • Required implementation specifications are just that, and they can get you on the addressable ones too

Organizational Requirements

  • This is where you are required to take “reasonable steps”, which leaves it wide open as to what they can call “reasonable”

Policies and Procedures and Documentation Requirements

  • More “reasonable” as to how you document employee information, systems configurations and all manner of those required and addressable security specifications

State Law

  • Each state can add its own set of requirements and regulations to enhance the federal law.

Enforcement and Penalties for Noncompliance

  • No one wants to go here and we will do our best to keep you out of it.

Compliance Dates

We Do All Of This For Your Practice