The Office of the National Coordinator for Health Information Technology (ONCHIT) Office of the Chief Privacy Officer (OCPO) recently released a Guide to Privacy and Security of Health Information – an instructional guide designed to help healthcare practitioners, staff, and other professionals better understand the important role privacy and security play in the use of electronic health records (EHRs) and Meaningful Use.
The guide is a comprehensive, easy-to-understand tool that helps providers and professionals integrate privacy and security into their clinical practice. It includes sections addressing:

· Privacy & Security and Meaningful Use
· Security Risk Analysis and Management Tips
· Working with EHR and Health IT Vendors
· A Privacy & Security 10-Step Plan
· Health IT Privacy and Security Resources

I especially liked the Security Risk Analysis Myths and Facts section in Chapter 2!  An example:

Myth: A checklist will suffice for the risk analysis requirement.
Fact: False. Checklists can be useful tools, especially when starting a risk analysis, but they fall short of performing a systematic security risk analysis or documenting that one has been performed.

Full Guide: The complete Guide to Privacy and Security of Health Information is available at http://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
Contact Pondurance if you would like help with your HIPAA/HITECH risk assessment.
Steve Lodin is a consultant with Pondurance and has been a CISSP since 1998.
