The New Trend in Healthcare IT
802-448-2255 or info@ehr20.com

Toolkit

Comprehensive tools, documents, checklist and best practices to become HIPAA/HITECH compliant.

Healthcare organizations regularly use the services of a variety of contractors and professional services. The HITECH Act allows covered entities to disclose the minimum necessary protected health information (PHI) to these “business associates.” The business associate is required to render due diligence to help protect the covered entity in complying with the covered entity’s duties. Our business associate toolkit enables the covered entity to complete the required task with due diligence:

1.1 BA Determination Chart: This flow chart has been developed to determine if the services utilized by the covered entity fall within the business associate scope based on HHS guidelines.
1.2 Business Associate Assessment Questionnaire: This business associate assessment questionnaire, which covers 13 different risk areas, has been designed to support the requirements of the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and other applicable data privacy laws and regulations. This questionnaire needs to be completed at a minimum by all high-risk business associates.
1.3 Business Associate Agreement: The provisions in the business associate agreement are designed to help covered entities more easily comply with the business associate contract requirements of the updated HIPAA and HITECH privacy, security, and breach rules.

A security risk analysis is a systematic and ongoing process of both identifying and examining potential threats and vulnerabilities to protected health information and implementing changes to make patient health information more secure. Under the HIPAA Privacy and Security Rule, health care organizations are required to perform active risk prevention and safeguarding of patient information to ensure patient privacy.

2.1 Risk Assessment Questionnaire: This risk assessment questionnaire, consisting of eight topic areas and more than fifty questions, has been designed to support the requirements of the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), NIST, and other applicable data privacy laws and regulations.
2.2 Risk Assessment Template: This risk assessment template is designed to organize and prioritize identified risks based on probability and impact criteria. The prioritized high risks need to be mitigated first.
2.3 Best Practices List: The list of updated best practices, derived from NIST, CIS, and other authoritative organizations for different technology systems, is used as reference material to implement security controls.

All covered entities must comply with the HIPAA/HITECH privacy, security, and breach rules, which specifically focus on protecting the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI). As part of this requirement, EHR 2.0 has developed an easy-to-use HIPAA/HITECH assessment toolkit to evaluate privacy, security, and breach rule requirements. Our toolkit consists of:

3.1 ePHI Inventory Template: The first step in HIPAA/HITECH assessment is to identify the ePHI systems, processes, and people involved in creating, receiving, maintaining, and transmitting ePHI. This template helps organizations develop an ePHI master inventory.
3.2 Sample Master Information Policies and Procedures: HIPAA security policies reflect the “rules” governing electronic Protected Health Information (ePHI) handling procedures. This includes physical security policy, technology security policy, sanction policy, access policy, contingency plans, security incident procedures, and a social media section, among others.
3.3 HIPAA/HITECH Assessment Checklist: This easy-to-use HIPAA/HITECH security rules checklist covers all 28 administrative safeguards, 12 physical safeguards, and 12 technical safeguards. This assessment checklist helps healthcare organizations to discover the gap areas based on the required and addressable HIPAA/HITECH security rules, in addition to the privacy and breach rule requirements.
3.4 Breach Determination Chart: This flow chart has been developed to apply a consistent approach in performing a risk assessment, to determine if the breach notifications are required to be implemented as a result of a possible breach of unsecured Protected Health Information (PHI).

Business Associate Toolkit

  • BA Determination Chart
  • BA Risk Assessment Questionnaire
  • BA Agreement/Contract

MU Risk Assessment Toolkit

  • Business Associate Toolkit
  • Risk Assessment Questionnaire
  • Risk Assessment Template
  • Security Best Practices

HIPAA/HITECH Assessment Toolkit

  • Business Associate Toolkit
  • Risk Assessment Toolkit
  • ePHI Inventory Template
  • Information Policy & Procedure
  • HIPAA/HITECH Assessment Checklist
  • Breach Determination Chart

Information (webinars) presented by EHR 2.0 highlights some of today’s most demanding healthcare topics. The webinars help to direct those operating in today’s rapidly changing environment in the right direction - Candace M., Privacy and Security Officer, Springhill Medical Center

Our state-of-the-art toolkit is built to help healthcare organizations of all sizes develop, design, and implement practices to comply with HIPAA/HITECH privacy, security, and enforcement rules. The EHR 2.0 toolkit includes the following components:

  • Tools: Required knowledge and know-how to design, implement, and administer comprehensive IT (HIPAA/HITECH and meaningful use) security protection programs in medical practices and small/medium hospitals, including HIPAA risk analysis and an implementation template.
  • Checklist: A structured checklist comprising ~800 functional features and a robust scoring system to periodically review HIPAA security rule requirements and meet meaningful use/HIPAA requirements on protecting electronic health information based on roles and responsibilities.
  • Best practices: This organized list of simplified best practices helps your organization select the best practices you need to implement for different technology systems. These best practices are developed from authoritative sources and several years' experience gained in securing and auditing technology environments.
  • Policies and Procedures: Our sample policies and procedures help you hit the ground running in developing the required documents. Our sample policy template and procedures document covers all the critical key areas for HIPAA and HITECH security rules.

Our toolkit is actively used in the field today and is recommended by EHR 2.0 consulting services for use by healthcare organizations, including business associates, that have made the commitment to protect patient health information.