Healthcare HIPAA-HITECH/OCR/MU Security Risk Assessment
Today’s healthcare organizations face many challenges when it comes to information security, including staying compliant with the HIPAA Security Rule and the American Recovery and Reinvestment Act of 2009 (Stimulus Act). While provisions such as the HITECH Act have added protection and breach notification requirements for healthcare providers, incentive money is available for the implementation and meaningful use (MU) of electronic health records. However, in order to qualify for CMS incentive funding, meaningful use mandates a security risk assessment.
Sirius has developed a Healthcare HIPAA-HITECH/OCR/MU Security Risk Assessment to help organizations meet compliance requirements and qualify for incentives. It comprises three essential components:
- HIPAA/HITECH Gap Assessment
- ePHI Data Flow Analysis
- Technical Security Evaluation
Business Value
- Provides the strategic information that organizations need to ensure electronic Private Health Information (ePHI) data is private and secure
- Uses a standards-based assessment methodology based on the guidance and standards developed by the National Institute of Standards and Technology (NIST), HHS/CMS and ISO 27001/27002 standards for Information Security Programs
- Deliverables include a Final Findings Report, and an Executive Summary of Key Findings