One of the most common sources of confusion about the meaningful use requirements is the Privacy and Security Risk Analysis measure. As I discussed in a past Meaningful Use Monday post, according to CMS, practices that are HIPAA compliant are likely in pretty good shape on this measure. For those physicians, what’s needed is documentation of the steps that were taken to review HIPAA compliance, the deficiencies identified, and what was done to remediate these exposures. (For more information, see the meaningful use chapter in ONC’s “Guide to Privacy and Security of Health Information.”)
This begs the question, “What exactly is HIPAA compliance?” I recently came upon the “Privacy and Security Training Game” that was created by ONC’s Chief Privacy Officer and couldn’t resist playing. While a lot of the information provided is quite basic for those with expertise in the privacy and security arena, as you progress through the game, the questions become more challenging. It’s definitely a fun way to introduce staff to the issues and increase awareness about the importance of safeguarding patient information.
Check out all of the past Meaningful Use Monday posts.