BMN Blog

Is your EHR application in the cloud or are you considering moving to a cloud based provider? If so ensuring that you know the providers processes for data backup, disaster recovery and overall security are extremely important.

It is especially important for smaller practices to be mindful of Electronic Protected Health Information (ePHI) security regulations – a breach of ePHI can lead to costly notification requirements and potential monetary penalties under the HITECH Act.[1]  Managing physicians of small independent practices hold many responsibilities, including the duty to comply with the Security Rule within HIPAA regulations.  This article provides a brief overview of federal ePHI compliance safeguards required in a practice.  While not meant to be a comprehensive discussion of all requirements, it highlights legal considerations and safeguards a practice must implement to comply with HIPAA ePHI regulations.  The federal Security Rule under HIPAA requires a health care provider (typically known as a Covered Entity[2]) to have the minimum ePHI safeguards, listed below.

They were surprised, and you likely be will, too. Of the hundreds of healthcare organizations I’ve helped document HIPAA and meet compliance requirements, most are unaware that their Patient Health Information (PHI) is exposed in some way. If a cyber attacker took advantage of this situation, it could cause damage to your patients, bring giant HIPAA fines, and a loss of reputation.

We hate to break it to you, but there's a HIPAA requirement you’re more than likely doing wrong. The Department of Health & Human Services’ Office for Civil Rights (OCR) is cracking down on requiring a true Healthcare Security Risk Analysis.