Don’t let the stricter HIPAA rules scare you. Just understand how they work, who’s at risk, and how to protect yourself. The first step is to hire a company like Matterform to conduct a risk assessment. This required document is the first thing a HIPAA auditor looks for, and skipping it could cost you.
You care about protecting patient privacy, and the HIPAA rules aren’t just a bureaucratic hassle—they’re actually great guidelines to help you protect your patients and your business. Compliance begins with a risk assessment, which is written documentation that deals with three basic elements:
These assessments are a powerful tool not just for healthcare providers—they’re useful in other industries as well, and Matterform is in high demand as a provider of assessments across a variety of businesses.
Matterform provides clients a risk analysis that covers every conceivable vulnerability with care and foresight, giving healthcare providers and their vendors the comfort of knowing they’re protected from government oversight. We conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information (ePHI) held by the covered entity.
Here’s essentially what our customized assessments do for our clients:
Performing a risk assessment is a straightforward process in which Matterform does all the heavy lifting for you. The result is a tool that upper management can use to guide decision-making.
First, we’ll work with you to determine the scope of the assessment. A full risk assessment covers all your line-of-business processes and applications. It can be a big project, so we start small and focused. Custom applications, databases, and electronic medical record systems (EMRs) are a great place to start, and are a Matterform specialty.
We’ll need access to your application and one or two interviews with staff. We’ll do the hard work.
Then we analyze everything and give you a written report.
This is the most important step: a plan of action. We grade risk levels based on likelihood and potential impact. The plan of action is a detailed security matrix covering each required and addressable HIPAA standard.
Finally, the executive summary outlines the top priorities in plain English.
Contact us, and we’ll start your risk assessment this week. The sooner you start, the sooner you can rest easy without the specter of compliance hanging over your head. We can help you prioritize and budget tasks to get you on the road to protecting patient privacy. This is a journey, not a destination. You’re never finished protecting patient privacy.
Matterform president Michael Herrick can be reached at firstname.lastname@example.org.
Photo: “Traffic Cones” by Sebastian Bergmann