|Privacy and Security
Protecting patients’ health information is important to all healthcare providers and QHN is committed to helping providers review the administrative, physical and technical safeguards they have in place to assure the security of the information.HIPAA Resource Materials
The HIPAA Security Rule addresses the use and disclosure of individuals’ health information by organizations subject to the Rule. A key component of the rule is the requirement to provide patients with Notice of Privacy Practices (NPP) for Protected Health Information. Learn more about NPP requirements and guidelines.Another key requirement is conducting a security risk assessment. By completing a risk assessment, healthcare providers can uncover potential weaknesses in their security policies, processes and systems.
HIPAA Security Risk Assessment Tool
A security risk assessment (SRA) tool to help guide healthcare providers in small to medium sized offices conduct a HIPAA compliance assessment of their organization was recently released, by HHS.The SRA tool is designed to help practices conduct and document a HIPAA risk assessment in a thorough, organized fashion at their own pace. The Tool takes providers through each HIPAA requirement by presenting a “yes” or “no” question, showing the potential need to take corrective action and produces a report that can be provided to auditors. There are a total of 156 questions.
- The SRA Tool's website contains a User Guide and Tutorial video to help providers begin using the tool. Videos on risk analysis and contingency planning are available at the website to provide further context
- HIPAA Security Risk Assessment Tool
- Security 101: Security Risk Analysis– Risk Assessment Video
- HIT Security Risk Assessment Questionnaire
- HIT Risk Analysis Report Template
HIPAA Notices of Privacy Practices (NPP)
The HIPAA Privacy Rule requires healthcare providers to give individuals a Notices of Privacy Practices (NPP) to explain how they use and share their health information and how they can exercise their health privacy rights. Below are links to sample NPP’s in English and Spanish provided by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Office for the National Coordinator for Health Information Technology (ONC).NPP Booklet Version NPP Layered Version NPP Full Page Version
NPP Booklet Version NPP Layered Version NPP Full Page Version
