ONC recently published an updated guide for Privacy and Security of Electronic Health Information. This episode David and Donna discuss what that guide calls the Seven-Step Approach for Implementing a Security Management Process.

Links

Guide to Privacy and Security of Electronic Health Information

FindHealthcareIT

HIPAAforMSPS.com

Kardon Compliance

Notes

The 7 Steps

Step 1: Lead Your Culture, Select Your Team, and Learn

Assign your officers, make sure they are trained, show compliance is a top down commitment

Step 2: Document Your Process, Findings, and Actions

If you can't prove it then it didn't happen. Document your decisions, plans and activity

Step 3: Review Existing Security of ePHI (Perform Security Risk Analysis)

Review or perform your Security Risk Analysis and current security assessment

Step 4: Develop an Action Plan

The plan needs to address all the things you identified in your assessments, policies, and procedures

Step 5: Manage and Mitigate Risks

This is where your project management skills come into play making sure you have addressed all the risks in your Analysis and new ones aren't showing up

Step 6: Attest for Meaningful Use Security­Related Objective

If you are attesting make sure you have done the previous steps

Step 7: Monitor, Audit, and Update Security on an Ongoing Basis

Remember it isn't a project that has a beginning and ending date