A Security Risk Assessment is Mandatory for Your Practice or Organization.

Avoid EHR and HIPAA Penalties by Hiring a Certified Professional to Handle Your Annual Security Risk Assessments.

What Are the Penalties for NOT Having a Security Risk Analysis?

2016 Update

The HIPAA requirement for a risk analysis has been in place since 2003. With changes to various programs, including Meaningful Use and ICD-10, enforcement of this requirement has begun in earnest for all organizations that create, store, or exchange patient records. 2016 will bring an increase in audits and enforcement activities from various government organizations, some funded by the penalties and fines an audit may produce. If your organization has not started this process, you may be vulnerable to fines that begin at $10,000 per occurrence.

In 2014, audits expanded to home health care organizations, nursing homes, dentists, and physical therapy organizations with a medical component.

A Security Risk Analysis can save you or your organization thousands of dollars in fines and penalties, as well as preserve your business reputation, in the event of an audit. CMS and the ONC recognize one credential, the AHIMA Certified in Healthcare Privacy and Security, as qualifying professionals to perform the Security Risk Analysis. Brothers and Associates LLC is a nationally recognized organization conducting Risk Analysis using the NIST format to help your organization meet the compliance requirements of HIPAA. To schedule your risk analysis, call us today at 502 517 6943.

About one in 20 participants in the meaningful use program can expect to face an audit for compliance with the program’s requirements, according to a CMS official.

The most common problems identified in the audits so far are:

  • Noncompliance with the requirement that health care providers conduct a data security risk assessment, which also is a requirement under HIPAA; and
  • A lack of adequate documentation to support responses to some of the “yes or no” meaningful use requirements, such as whether Formulary is active, or proof of Drug to Drug Allergy Checks.

The Security Risk Analysis evaluates your practice’s compliance with the HIPAA Security Standards. Failure to complete the Security Risk Analysis can prevent you from collecting the EHR incentive and/or put at risk the EHR incentive you do receive in the event of an audit.

There are two types of penalties:

Meaningful Use Disqualification – The EHR incentive program requires satisfying all of the MU Measures. Reporting completion of the MU requirements with a failed or even missing Security Risk Analysis places your entire payment at risk. If you are audited, and this is a very regular occurrence, you will not only be disqualified but you may have to pay back every penny of incentive money already received.

HIPAA Security Penalties – If the Security Risk Analysis is not properly completed or the practice fails to address issues that would have been uncovered during a more appropriate analysis, your practice may be subject to HIPAA Security penalties. Such penalties can amount to more money per provider than you will ever receive for the EHR incentive program.

About Bryan Brothers

Bryan Brothers is a healthcare consultant with over ten years’ experience in the healthcare and insurance industries.

With a start in IT business and retail network development, the transition to electronic medical records and meaningful use consulting services was a natural fit.

Bryan is a member of AHIMA, HIMSS, and the NRHA.

He served on the advisory board of Jefferson Technical College’s HIT program. As a member of the staff of the University of Kentucky’s Regional Extension Center, he worked as a policy and implementation advisor as well as a security consultant. Bryan has served major clients, such as Norton Healthcare (as lead advisor) and Twin Lakes Medical Foundation, and has worked with many prominent groups in central KY such as Nephrology Associates of Kentuckiana.

As the former REC Administrator for University Health Care, Bryan brings experience and knowledge to the table as a trusted advisor and privacy and security expert. In 2012 Bryan was commissioned as a Kentucky Colonel by Governor Steven Beshear, the award being the highest honor awarded by the Commonwealth of Kentucky.

Bryan has worked with over 1100 providers, assisting with the achievement of meaningful use, and completion of the HIPAA privacy and security risk assessment.

When Bryan performs a HIPAA Security Risk Assessment, he includes the following:

HIPAA Security Risk Assessment
  • Security Risk Analysis based on HITECH requirements for MU
  • Includes review of Administrative, Technical & Physical safeguards
  • Remediation plan and timeline to eliminate or mitigate identified gaps
  • HIPAA compliant sample policies provided
  • Performed by AHIMA Certified HIPAA Privacy & Security professionals
