Our HIPAA Compliance Program
Our program offers cost effective solutions to organizations so you can avoid HIPAA audits and monetary fines.
Under the HIPAA Security Rule, Covered Entities (CE’s) are required to conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI (Electronic Patient Health Information). The Security Risk Analysis is mandatory for any organization that accesses ePHI. On completion of a Security Risk Analysis, you must take any additional “reasonable and appropriate” steps to reduce identified risks to reasonable and appropriate levels.
FAQ
Frequently asked questions about SPIN services.
Is the Security Risk Assessment optional?
No. Not having a thorough Security Risk
Assessment (SRA) performed is a major HIPAA violation. All Covered Entities are required to have a
Security Risk Assessment performed if they have access to PHI/ePHI. Also, all providers who are
participating in MACRA/MIPS are considered to be at a higher risk for a government audit.
Do I only need to have a Security Risk Assessment performed once?
No. To comply with
government regulations, you must continue to review, correct or modify risks, and update your security
protections on an ongoing basis. Due to changes within a practice and continually growing cyber threats
and attacks, we recommend a Security Risk Assessment be conducted or updated annually.
When it comes to a HIPAA Security Risk Assessment, before I attest for MACRA/MIPS, do I need to fully mitigate all risks?
No. MACRA/MIPS requires that you conduct a Security Risk Assessment
each year. You must be able to prove that your practice has been continually addressing gaps in your
compliance that the risk assessment indicates. If the Center for Medicare and Medicaid Services audits
you, a current SRA, as well as previous year’s SRAs, showing what high-risk areas have been mitigated
must be illustrated for compliance.
My Electronic Medical Record company handles my MIPS reporting, why do I need SPIN to help with this?
Most Electronic Medical Record (EHR) companies do not report your data in a way that
is best for your MIPS score. They report the minimum amount of information necessary, or they will
report way too many measures, all of which can have a huge impact on your overall MIPS score. With
SPIN, we will work with your EHR company in an effort to get you the best possible score, so that you do
not leave any Medicare Part B increase money on the table.
What happens if my practice gets audited, has a patient compliant or experiences a breach?
With SPIN, you would contact a member of your SPIN team and they would work with you to
rectify the issue on your behalf. You will have an attorney dedicated to your case.