This webinar will review the "As Is" state of "Accounting for Disclosures" and how the HITECH Act modified it. It will also review the implications of HHS' Proposed Accounting Rule, which has been widely debated.
The ONC is proposing to add more tools to its privacy and security toolbox in order to make risk assessments easier to understand for small practices. In short, they appear to be adopting an IT mindset that says "we have to cater to our users."
What ONC doesn't get is that it's NOT that small practices don't understand risk assessments, rather it's that they DON'T want to do them. Clinicians up and down the healthcare pecking order are some of our "best and brightest." If ONC continues to treat them as "dumb users" then that is the behavior they will continue to get.
There are plenty of tools and templates in the marketplace. What small practices need to understand is that there will be consequences if they ignore the law. AND ONC does them no favors by taking this "feel good" approach and treating them like children!
That won't stop the fines that result from a major breach (e.g. another lost laptop, phone, etc.) and it won't stop the class action lawsuit that is sure to follow. When the inevitable occurs yet again, OCR will be forced to "whack" an unsuspecting practice, probably for "willful neglect," despite the fact that this is the behavior that they are encouraging.
Apparently, in the age of cyberwarfare, the ONC still doesn't recognize that the world has changed and that "This Ain't Your Daddy's HIPAA Anymore!"
This article explores why more and more covered entities ("CEs") and business associates ("BAs") may be forced to do a greater number of Risk Assessments per year than first anticipated. The Security Rule generally indicates that a Risk Assessment ("RA") must be done "as required" (e.g. when your operational environment changes OR if, as a practical matter, your organization has never actually done an RA and it is trying to comply with Meaningful Use objectives).