Privacy & Security

There are many solutions and companies available to help providers meet the Privacy & Security Objective for Meaningful Use (Core Objective Number 15).  But, Quality Insights of Delaware - Regional Extension Center (QIDE REC) leverages risk assessment tools developed by the HHS Office of the National Coordinator to help providers meet the Privacy and Security Objective for Meaningful Use. These tools have been further enhanced and peer reviewed by security experts collaborating within the Health Information Technology Research Center.
 
To better assist our local providers, QIDE REC provides onsite visits by our Privacy & Security Specialist, who has more than 20 years of experience. Our expert will review with you Meaningful Use Privacy and Security Core Objective 15, measures for success and the required risk assessment process. During the risk assessment review, our Privacy and Security Specialist will help you identify, assess and document risks that pose a threat to Protected Health Information. Our QIDE REC Privacy & Security Specialist will provide reports documenting these findings along with recommendations for mitigating identified risks.
 

QIDE REC's Privacy & Security Specialist also provides educational and guidance materials concerning best practices for:

  • Breach Notification
  • Business Associate Agreements
  • Information Security Best Practices
  • And much more

Part of these educational materials include a primer on the HIPAA Security Rule and recommendations on how your practice could be more HIPAA compliant in preparation for HIPAA audits, which will begin in 2012.

As documented policies and procedures have been identified as an area of concern in past HIPAA investigations, QIDE REC also offers a comprehensive set of sample policy and procedure templates that a practice can use to identify policy gaps or to use as a starting point for developing new policies and procedures.  Some of the areas included in the policy and procedure template include:

  • E-mail and Internet usage
  • User logons and passwords
  • Encryption
  • Facility security
  • Remote access
  • Media disposal
  • Change management
  • Information system activity review
  • Emergency operations procedures
  • Security awareness and training
  • Breach notification procedures
  • Incident response tools 

In addition to assisting with the Meaningful Use Privacy and Security Objective, our Privacy and Security Specialist can assist a practice in fulfilling its HIPAA training requirement by providing onsite training on the latest changes to HIPAA (by way of the HITECH Act, rule making, etc.) and newest information security threats.

Contact Nicholas Heesters, QIDE REC's Privacy and Security Specialist to schedule an appointment today.

Nicholas P. Heesters, Jr., M.S., J.D., received his B.S. in Computer Science from the University of Delaware, his M.S. in computer engineering from Widener University and his J.D. from the Widener University School of Law. He has over 20 years of experience in Information Security and regulatory compliance supporting industries including: financial services, government, defense, higher education, research institutions and health care.

 

Privacy & Security Videos

 

 

NEW! OCR Privacy & Security YouTube Channel

HHS Office for Civil Rights (OCR) now has a Health IT Privacy & Security YouTube Channel.  Please visit it today to learn more about EHR privacy & security and HIPAA issues.  Here's just one of the videos featured on this channel (click on the image below to access the video):
OCR - Privacy and Security Video.JPG
 
 

Privacy & Security Resources

HIPAA Privacy Rule: http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
 Breach Notification: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html
HIPAA Security Rule: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html
 

 Content Editor ‭[3]‬