While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver, who is an editorial advisory board member for SHCC's sister publication Briefings on HIPAA.
As the use of electronic health records (EHR) surges and organizations work toward meaningful use attestation, more in-depth monitoring of electronic patient records is becoming increasingly necessary.
In the wake of several large breaches, OCR is ready to ramp up its oversight of HIPAA compliance as it embarks upon Phase 2 of its HIPAA privacy, security, and breach notification audits. OCR began preparing for this round of audits around the same time that news broke of the second-largest HIPAA breach in the U.S., a hacking incident that affected 4.5 million patients treated at or referred to Tennessee-based Community Health Systems, Inc.
If the 2-midnight rule keeps you up at night, it might help to add some PEPPER to your processes. CMS recently updated PEPPER, otherwise known as the Program for Evaluating Payment Patterns Electronic Report, to provide hospitals with insight into how well they're doing with 2-midnight rule compliance.
