Conducting Your Skilled Nursing Facility Risk Analysis

Last year, HIPAA privacy, security and breach notification rules were made applicable to healthcare providers, payers and clearinghouses. The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
The HIPAA Security Rule now requires all healthcare organizations to conduct a thorough security risk analysis to determine exposures that may lead to the compromise of the confidentiality, integrity or availability of patients' electronic Protected Health Information. A risk assessment helps your organization ensure it is compliant with the HIPAA administrative, physical, and technical safeguards. A risk assessment also helps reveal areas where your organization’s protected health information (PHI) could be at risk.
With this in mind, SNF Administrators are encouraged to conduct a rigorous security risk analysis. Administrators and/or appropriate facility staff can use the Office of the National Coordinator for Health Information Technology (ONC) assessment tool to determine risk. The tool is available at the following link: https://www.healthit.gov/providers-professionals/security-risk-assessment-tool
After completing this tool, facilities will be able to determine their risks and put an action plan in place. Facilities should make it a common practice to add this risk assessment to their Compliance Program and to repeat it regularly as new technologies and advancements develop and enable potential access to Protected Health Information.