Privacy and SecurityProtecting patients’ health information is important to all healthcare providers and QHN is committed to helping providers review the administrative, physical and technical safeguards they have in place to assure the security of the information.
HIPAA Resource MaterialsThe HIPAA Security Rule addresses the use and disclosure of individuals’ health information by organizations subject to the Rule. A key component of the rule is the requirement to provide patients with Notice of Privacy Practices (NPP) for Protected Health Information. Learn more about NPP requirements and guidelines.
Another key requirement is conducting a security risk assessment. By completing a risk assessment, healthcare providers can uncover potential weaknesses in their security policies, processes and systems.
HIPAA Security Risk Assessment ToolA security risk assessment (SRA) tool to help guide healthcare providers in small to medium sized offices conduct a HIPAA compliance assessment of their organization was recently released, by HHS.
The SRA tool is designed to help practices conduct and document a HIPAA risk assessment in a thorough, organized fashion at their own pace. The Tool takes providers through each HIPAA requirement by presenting a “yes” or “no” question, showing the potential need to take corrective action and produces a report that can be provided to auditors. There are a total of 156 questions.
- The SRA Tool's website contains a User Guide and Tutorial video to help providers begin using the tool. Videos on risk analysis and contingency planning are available at the website to provide further context
- HIPAA Security Risk Assessment Tool
- Security 101: Security Risk Analysis– Risk Assessment Video
- HIT Security Risk Assessment Questionnaire
- HIT Risk Analysis Report Template