Since the HIPAA Omnibus Rule was unveiled in 2013, an ever-increasing number of healthcare organizations and individuals have been required by law to comply with new IT security rules and procedures. Many of these businesses, organizations and medical practices are located in NY's Hudson Valley and Northern New Jersey. Because many of these new IT security requirements are confusing, you would be much better off using an experienced IT company that is HIPAA compliant and specializes in the HIPAA HITECH Security Rule to help you navigate them. Conducting a HIPAA Risk Assessment is a mandatory and crucial requirement for these organizations, known as "Covered Entities".
This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
In addition to the above so-called "Covered Entities", there are an estimated 2,000,000 additional "HIPAA Business Associates" that are exposed to, or have access to, protected information, making them also subject to HIPAA regulations. A HIPAA Business Associate is any of the following types of businesses that has one or more Covered Entities as a customer or client:
EVERY Business Associate, and all of their subcontractors, must have proof of a HIPAA Risk Analysis under the law. Even if they wanted to, most of these organizations do not have the staff, resources or expertise to do it themselves. HIPAA audits and investigations require evidence that required tasks have been carried out and completed by covered entities, and documentation of this must be kept for six years.
Evidence of Compliance includes log-in files, patch analysis, user and computer information, and other source material to support your compliance activities. When all is said and done, the proof of proper documentation is its accessibility, and the detail needed to satisfy an auditor or investigator is included in this report.
After a Risk Assessment, DCS can implement needed IT fixes and help clients implement procedures designed to allow authorized access and deny unauthorized access to and within facilities, so as to limit access to devices that can access or store ePHI.