Required versus Addressable HIPAA Implementation Specs
Thursday, September 2nd, 2010
The HIPAA Security Final Rule comprises Standards (what must be done) and Implementation Specifications (how it must be done) for creating policies, procedures and practices to prevent, detect, contain and correct security violations.
Implementation specifications are indicated as required or addressable. As organizations work towards HIPAA-HITECH compliance, it is important to understand the difference.
A covered entity or business associate must comply with a required implementation specification. For example, all covered entities and business associates, including small providers, must conduct a “Risk Analysis” in accordance with Section 164.308(a)(1) of the Security Rule.
For addressable implementation specifications, covered entities must perform an assessment to determine whether the specification is a reasonable and appropriate safeguard in the covered entity’s environment. After performing the assessment, an organization decides if it will:
- Implement the addressable implementation specification as stated;
- Implement an equivalent alternative measure that allows the entity to comply with the standard; or,
- Not implement the addressable specification or any alternative measures, if equivalent measures are not reasonable and appropriate within its environment.
Covered entities and business associates are required to document these assessments and all decisions. For example, all covered entities including small providers must determine whether “Encryption and Decryption” is reasonable and appropriate for their environment in accordance with Section 164.312(a)(1) of the Security Rule.
Factors that determine what is “reasonable” and “appropriate” include cost, size, technical infrastructure and resources. While cost is one factor entities must consider in determining whether to implement a particular security measure, some appropriate measure must be implemented.
An addressable implementation specification is not optional, and the potential cost of implementing a particular security measure does not free covered entities from meeting the requirements identified in the rule.
Our advice…
- Don’t waste time debating about ‘addressable’ versus ‘required’.
- Just do it! – the vast majority of the standards specifications make good business sense.
- HIPAA Security Standards set a “floor” or “baseline” for security
- Don’t make the mistake of thinking ‘addressable’ means ‘optional’; it does not!
- Check out our HIPAA-HITECH compliance software to jump-start your program
bob.chaput@datamountain.com | (800) 704-3394 | Follow Bob on Twitter: twitter.com/BobChaput
Using Social Media to Increase Patient Volume
Thursday, September 2nd, 2010
Using Social Media to Increase Patient Volume Webinar
With more than a few things going on in the “back office” of most medical practices and hospitals (e.g., EHR/EMR, Meaningful Use, HIPAA-HITECH compliance, etc.), what’s the best way to ensure there are still patients coming into the “front office”? Who’s worrying about growing the practice?
Our colleagues at HITECHAnswers.net are sponsoring this webinar and have offered us a discount to pass along to all of our readers and customers. Register for this action-packed webinar entitled “Using Social Media to Increase Patient Volume” using the DISCOUNT CODE = cj5w and receive a $50.00 discount.
Session date: Tuesday, September 14, 2010
Starting time: 2:00 pm, Eastern Daylight Time (New York, GMT-04:00)
Duration: 2 hours
Presenters: John Luginbill
Description: Social Media is only valuable if it can be monetized and used to contribute directly to the growth of your practice or hospital. The key is to use a three-pronged approach to create a comprehensive social media strategy that is automated and results-oriented.
Join John Luginbill, CEO and Founder of THE HEAVYWEIGHTS on September 14, 2010 from 2pm – 4pm EST for a live learning session to share this three-pronged approach.
This event will provide you with the background and tools to implement a sustainable social media strategy for your organization. It includes:
- Social media defined and usage trends
- The opportunity social media presents to increase patient volume
- The 4-step framework for implementation in 60 days
- Guiding principles for developing a strategy
- Tips and tools to stimulate your social media program
- Worksheets to help you select the right technology
- Case studies
Cost of this event includes a video recording of the session you can view or download to your desktop to refer to as often as needed post event.
John is the CEO and Founder of THE HEAVYWEIGHTS, an innovator in health system, clinic and physician group marketing strategy as well as a leader in the marketing and promotion of consumer packaged goods. He is author of the blog TurnUpYourVolume.com providing healthcare professionals information on how to increase patient volume. Visit his blog to sign-up for his newsletter.
THE HEAVYWEIGHTS has helped some of the nation’s largest healthcare systems increase volume. Some of these systems include:
- Clarian Health
- Indiana University School of Medicine
- Indiana University Bren and Melvin Simon Cancer Center
- Riley Hospital for Children
Learn how to increase your patient volume from the leader in the industry.
Session fee (USD$): 179.00
Host’s name: Carol Flagg
Host’s email: cflagg@pivotalsolutiongroup.com