In 2013, the HIPAA security rule was enacted regarding privacy, security and breach notification. It was made an application to all health care providers, clearinghouses, and payers. This rule protects the electronic health information of individuals that are produced, used, received, or maintained by a covered being. The national security rule requires the applicable technical, physical and administrative safeguards to guarantee the integrity, confidentiality, and security of individuals electronic protected health information.
The national HIPAA security rule currently demands that all healthcare organizations conduct thorough security risk analysis procedures. This process helps determine exposures that may result in the compromise of the integrity, confidentiality, or availability of an individual’s electronic Protected Health Information. Risk assessment helps an organization knows for sure it is upholding the HIPAA technical, physical and administrative, safeguards. Following through with proper risk assessment also helps uncover at-risk areas within your organization’s protected health information (PHI).
With this in mind, all skilled nursing facility administrators are encouraged to perform a rigorous security risk analysis. Either administrators, appropriate facility staff or both can utilize the Office of the National Coordinator for Health Information Technology (ONC) assessment tool to determine risk areas in the organization. The security risk assessment tool is available by clicking on the following link: http://www.healthit.gov/providers-professionals/security-risk-assessment-tool.
Upon completion of the risk assessment tool, skilled nursing facility administrators can determine their security risks and develop a plan to put into action. This security risk assessment should be a standard component of any skilled nursing facilities compliance program. It should be common practice to add the risk assessment and repeat it regularly, as new advancements and technologies are important developments that make access to protected health information possible.