An Important Rule that You're Probably Not Following

by  ChiroCode
April 28th, 2016

The HIPAA Security Rule requires that covered entities (your practice) conduct a Security Risk Assessment (SRA) for your organization, at a minimum of once per year. It is critical that practices perform the Security Risk Assessment for multiple of reasons. Not only is it important to comply with rules and regulations, but also, for what you may consider to be a more motivational reason, to protect your practice (and bank account) from what could become disabling fines and penalties.

Let me further explain...The Office of Civil Rights (OCR) in recent months has acknowledged that providers are not making compliance implementation a priority to their practices. Thus, the increased risk of unauthorized access, use, and disclosure of protected (and quite vulnerable) patient health information is still a factor. Not to mention the risk of practices not appropriately implementing other critical areas of compliance, which also pose significant vulnerability to practices as well as the heightened risk of significant fines and penalties.

While this message to you only very briefly describes the risk to your practice, providers, workforce, and patients, the message to take away here is that the Office of Civil Rights means business — so much, in fact, that it was decided that the best and only way to make sure that practices understand the significance of compliance is for OCR (along with governing entities such as HIPAA, and others) to increase efforts of enforcement. In short, HIPAA has teeth — and sharp ones at that. There is no such thing as "under the radar" or "off the grid" for practicing providers today.

One component of enforcement is in HIPAA Security. It's a priority for HIPAA to ensure that potentially identifying and vulnerable patient information is secure. And rightfully so, when you consider the risk of potential identity theft, medical identity theft, and other dangers posed to patients due to the amount and types of information that health care providers have on each patient. Not to mention the difficulty in finding the source of, and stopping the effects of identity theft or medical identity theft, should that occur (which it does, all too often).

Though there are other components of compliance, the Security Risk Assessment is one very essential component to compliance, and for many reasons. The Security Risk Assessment shows your practice's good faith effort in establishing and maintaining appropriate policies and procedures that meet guidelines and minimize risk to your practices and protected information. The Security Risk Assessment is required as a way for practices to show ongoing monitoring of critical business systems.

Enforcement of this area is at an all time high and will continue to gain steam. The best thing practices can do is to be proactive.

And finally, the Security Risk Assessment is also required for Meaningful Use attestation. Practices that are found to have received incentive payments through Meaningful Use but have not appropriately conducted a Security Risk Assessment per attestation requirements are having to refund all of the incentive payments received as well as run the very high risk of more in depth investigations and other potential penalties.

An Important Rule that You're Probably Not Following. (2016, April 28). Find-A-Code Articles. Retrieved from

© InnoviHealth Systems Inc

Article Tags  (click on a tag to see related articles)

Publish this Article on your Website, Blog or Newsletter

This article is available for publishing on websites, blogs, and newsletters. The article must be published in its entirety - all links must be active. If you would like to publish this article, please contact us and let us know where you will be publishing it. The easiest way to get the text of the article is to highlight and copy. Or use your browser's "View Source" option to capture the HTML formatted code.

If you would like a specific article written on a medical coding and billing topic, please Contact Us.


innoviHealth Systems, Inc.
62 East 300 North
Spanish Fork, UT 84660
Phone: 801-770-4203 (9-5 Mountain)
free demo
request yours today
free subscription
for any budget

Thank you for choosing Find-A-Code, please Sign In to remove ads.