Search the KHIT Blog

Thursday, August 1, 2013

54 Days and counting. Time to get on the Omnibus

Meaningful Use may at this point be up in Congress, it may be down, its fate may be inscrutably uncertain.  PPACA may at this point be up, it may be down, it may be inscrutably uncertain. Maybe the GOP will make good on their extreme right wing's threat to shut down the federal government on October 1st.

One thing is certain, though. You have until Monday, September 23rd, 2013 to be documentably in compliance with HIPAA as amended by HITECH -- the "Omnibus Rule."

If you have yet to start on this, I rather doubt you'll make it on time, even with a full-bore effort starting today. There will be no backdating of compliance records. Yeah, you may not get audited until well into 2014, but if you are either a CE (Covered Entity) or BA (Business Associate of a CE) and cannot satisfy HIPAA regulators that your full compliance ensued on or before September 23rd, you will come to rue that circumstance. HHS has declared that HIPAA audits will be "self-funding," i.e., the settlement fines will pay for the compliance program.

My former HealthInsight REC colleague Carlyn Choate has been on a tear lately, giving numerous webinars and writing about HIPAA related topics (PDF).
What are Risk Assessment, Risk Analysis, and Risk Management?
In order to understand Meaningful Use Core Measure 15, first you need to understand the difference in Risk Assessments, Risk Analysis, and Risk Management. Many individuals use these terms interchangeably, however there are significant differences in each of these.

  • Risk Assessment: A risk assessment is a term used to identify the overall risk analysis process. This consists of the evaluation of the environment and assesses the potential threats to the organization.
  • Risk analysis: A risk analysis is the detailed granular process of identifying the weaknesses that make the organization vulnerable to threats.
  • Risk management: This is an ongoing maintenance process that includes the practical application and implementation of making corrections, developing policies and procedures, monitoring, evaluating and communicating risk.
Each of these terms is the stepping stone for the other; for example, you cannot “analyze” a situation without first “assessing” what it is you want to analyze, and you cannot “manage” something without knowing what it is you are trying to control and prevent.
Below, Are You Ready For Some Football? Gotta love the cute copywriting analogies. "Offensive Plays." "Defensive Plays." Special Teams."

They provide free stuff -- with registration required, though. Good looking material.


Every morning I read the latest postings on The Health Care Blog.

I would expect that they will clear this up pronto.

More to come...

No comments:

Post a Comment