HIPAA Consulting and Audits
There continues to be news about HIPAA, its regulations and enforcement through audits. Being compliant and prepared for a required audit is one of the most important business functions of a healthcare facility. Carolinas IT has an ISACA-certified Auditor on staff who conducts Security Risk Assessments with recommendations to help healthcare clients be as prepared as possible for an audit.
If a facility uses tablets and smartphones for electronic patient information, our optional software and Mobile Device Management Assessment can identify and recommend best practices.
Meaningful Use and Merit-Based Incentive Payment System (MIPS)
In 2009, the Federal Government passed the HIPAA HITECH act. A core objective of HITECH was to drive adoption and “meaningful use” of electronic health record systems. Ultimately, the feds sought the efficiencies and health benefits of automating the processing of medical records.
Almost anyone who is not operating as a hospital is considered an eligible professional (EP). Starting in 2011, EPs could receive incentive money for the early adoption of EHR systems. Those same EPs could receive additional incentives by progressing to more advanced stages of EHR implementation. As of October 1, 2017, all EPs must attest that they have at least completed the first stage and implemented an EHR system. EPs who fail to show Stage 1 MU, will have up to 6% of their Medicare/Medicaid reimbursements withheld.
Within the core elements for attestation at each stage is the requirement that the EP has completed a HIPAA Security Risk Assessment (SRA) pursuant to the HIPAA Security CFR. Completing a Security Risk Assessment is essential to ensuring your medical practice is compliant with the Meaningful Use regulations.