The general rules for security, the risk analysis and risk management implementation specifications, and the evaluation standards are key directives for ongoing compliance assurance. Although guidance on risk analysis concepts appears in the Security Rule, many organizations use it for auditing Privacy Rule processes as well.
Q: Our facility does not often use open-ended queries to physicians. Could you give an example of an open-ended query and any disadvantages they may have?
The comprehensive population health program at Northern Arizona Healthcare in Flagstaff didn’t come together overnight. Rather, it evolved over time, relying on trial and error to fill the care gaps that so often result in avoidable hospital readmissions.
Q: We see many assertions that encryption at the right level meets the National Institute of Standards and Technology (NIST)/HIPAA safe harbor provision with no explanation of what is necessary to prove the breached electronic protected health information (PHI) was actually encrypted at the moment of breach. How can a covered entity prove the PHI was actually encrypted at the time of the breach?