KENTUCKY REGIONAL EXTENSION CENTER

HIPAA Privacy & Security
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules establish federal requirements for ensuring patient health information is protected. Compliance with the HIPAA Privacy and Security regulations can help ensure health information is not accessible to hackers, bad actors and others that pose a threat to patients’ privacy and security.

For health care providers, compliance with HIPAA is complex but especially important. The federal government can impose severe sanctions on organizations found in violation of HIPAA. Federal regulations for meaningful use and MACRA/QPP also require participating providers to perform a security risk assessment each year to be eligible for incentives or bonuses.

The Kentucky REC can help with navigating HIPAA’s requirements to safeguard the confidentiality, integrity and availability of patient information. We offer two services to aid health care organizations: Security Risk Analysis and Project Management services.

For more information on these services, click the boxes below or contact the Kentucky REC today.

WEEKLY HIPAA TIP

HIPAA PRIVACY AND SECURITY REMINDER: COMPLIANCE DURING A PANDEMIC: PART 4

One of the most important aspects of making sure you are HIPAA compliant is performing an annual Security Risk Assessment. With social distancing, busy clinics, and increased workload, it's easy to carry on day to day without taking the time to perform a risk assessment. Conducting a risk assessment is the first step in identifying and implementing safeguards under the Security Rule. This is especially important with the adoption of new technologies for seeing patients, such as telehealth.

This reminder is part of a series of HIPAA Security Reminders from the Kentucky Regional Extension Center. These reminders can be used by covered entities and business associates looking to comply with the HIPAA Security Rule’s CFR §164.308(a)(5)(ii)(A), which states, “Security reminders (Addressable). Periodic security updates.”

Feel free to share this with your workforce/staff to remind them of the importance of safeguarding protected health information (PHI), especially PHI that is in electronic form (ePHI). A new security reminder is posted at the beginning of each week. If you have any questions or would like to speak to someone at the REC about HIPAA Privacy and Security, please contact us at Kentucky REC or call (859) 323-3090.

Security Risk Analysis

A Security Risk Analysis is an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic patient health information (ePHI).

Project Management Services

Planning is essential to mitigating risks. Whether it’s a policy limiting the use of unencrypted portable devices or testing back-ups to ensure a disaster recovery plan is effective, having a strategy and a plan helps prevent the unauthorized access, use, or disclosure of ePHI.