BMN Blog

The National Institute of Standards and Technology has published a bulletin that provides several key reminders for people who have had to shift to working remotely as a response to COVID-19. The guidance, which can be found in full at the link below, summarizes previous NIST guidelines for working safely when out of the office.

A look at the calendar tells us that we only have a short time left in 2018. That means many practices will be looking to complete their Security Risk Assessments in order to either qualify for the 2018 Merit-based Incentive Payment System (MIPS) or to simply fulfill their obligations to comply with the HIPAA Security Rule.

It is especially important for smaller practices to be mindful of Electronic Protected Health Information (ePHI) security regulations – a breach of ePHI can lead to costly notification requirements and potential monetary penalties under the HITECH Act.[1]  Managing physicians of small independent practices hold many responsibilities, including the duty to comply with the Security Rule within HIPAA regulations.  This article provides a brief overview of federal ePHI compliance safeguards required in a practice.  While not meant to be a comprehensive discussion of all requirements, it highlights legal considerations and safeguards a practice must implement to comply with HIPAA ePHI regulations.  The federal Security Rule under HIPAA requires a health care provider (typically known as a Covered Entity[2]) to have the minimum ePHI safeguards, listed below.