Staying HIPAA compliant requires covered entities to conduct a risk assessment of their practice. While it may sound difficult or time-consuming, performing a risk assessment is really in your best interest. A risk assessment will make sure that your practice is compliant with administrative, physical, and technical safeguards, and it will help you identify where your practice could be at risk of a violation.
HealthIT.gov is a great place to go if you have questions regarding optometry software risk assessment in your practice. In this two-part blog series, we are going to talk about 10 things your practice should know about risk assessment. Let's look at the first five.
5 Tips for Optometry Software Risk Assessment
1. It's not optional.
If your practice transmits information in an electronic format, like transferring a claim to payers, you're considered a covered entity, and you're required to perform a risk assessment. If you're participating in Meaningful Use, risk analysis is one step of attesting.
2. You can perform it yourself, or get help from a professional.
Depending on how much you and your team know about assessing security risk, there are tools available that can help you perform an assessment yourself. Or, if you aren't confident in your ability to successfully evaluate your risk, you can opt to hire a professional.
3. You still need to perform an assessment if you're using a certified EHR.
Simply having a certified EHR does not exempt you from having to perform an assessment. The analysis will look at compliance with administrative, physical, and technical safeguards across all electronic aspects of your practice.
4. If you're attesting to Meaningful Use, you have time to correct any risk issues.
If you run your risk assessment and find specific security issues, you can correct them during the reporting period. You don't need to put Meaningful Use on hold until you're able to resolve the problem areas.
5. Risk assessment is an ongoing process.
As you add new technology, or make updates to your software, your practice will need to continue to review your risk. If you're participating in Meaningful Use, a risk assessment is required for each reporting period.
Stay tuned to the blog for Part 2!