[MT-L] HIPAA Security analysis for Meaningful Use

2 views
Skip to first unread message

Tom Hoffman

unread,
Jan 27, 2012, 4:02:33 PM1/27/12
to medit...@mtusers.com

We all need to do a HIPAA Security analysis in order to attest to Meaningful Use.

“Conduct or review a security risk analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process”

I am wondering how others are going about meeting this requirement.

If you want about 110 pages of questions to answer, the HIPAA Security Rule Toolkit from NIST may help -

http://scap.nist.gov/hipaa/NIST_HSR_Toolkit_User_Guide.pdf

http://scap.nist.gov/hipaa/downloads/Setup_HSR_Toolkit.exe

I hope there are less comprehensive options out there that would be considered valid.

I am interested to hear about any tools or solutions that have worked for others.

Thanks,-Tom Hoffman
Manager of Information Services
Wayne Memorial Hospital
570-251-6504
hof...@wmh.org

===###===###===###===###===###===###===

Please do NOT send messages that ask "Please post to the list" or "I'd like to see your answers" or "Send that info to me, too" These are useless messages that just waste the email server's resources. Instead, email the original requester and ask that they send you or post the results of their question.

To UNSUBSCRIBE or to SUBSCRIBE, go to http://MTUsers.net for information.

You can locate the:
1) meditech-l archives
2) NPR/Magic/CS tips
3) job opportunities in the Meditech community
http://mtusers.net

Do NOT send email to meditech...@MTUsers.com. This is a system email box that is NOT monitored by a human. If you need help or advice on how to use the meditech-l, email lo...@MTUsers.com or ju...@MTUsers.net. Both of these people help manage the meditech-l, so they are your best resource.

===***===***===***===***===***===***===

Jim Sehloff

unread,
Jan 27, 2012, 4:07:03 PM1/27/12
to Tom Hoffman, medit...@mtusers.com
I am actually planning a presentation on that subject at MUSE
International. As a preview, look at
http://www.hipaacow.org/home/risktoolkit.aspx. There is no easy way to
do a thorough risk analysis. This is a good place to start. I was on
the workgroup that put this together, but I must credit the others on
the group with far more input than I had.

Jim Sehloff
M.S. MT(ASCP)
Information Security Analyst
CareTech Solutions at Holy Family Memorial
Office: (920) 320-2799
Cell: (920)973-4431

Neeva

unread,
Jan 27, 2012, 9:32:13 PM1/27/12
to Jim Sehloff, medit...@mtusers.com, Tom Hoffman
We contracted with a 3rd party to conduct our HIPAA Security Analysis.
However, we did our Risk Analysis ourselves.

~Mike Cottle

Robert White

unread,
Jan 30, 2012, 6:38:17 AM1/30/12
to medit...@mtusers.com, Tom Hoffman
Why?

>>> "Tom Hoffman" <hof...@wmh.org> 1/27/2012 4:02 PM >>>

http://scap.nist.gov/hipaa/NIST_HSR_Toolkit_User_Guide.pdf

http://scap.nist.gov/hipaa/downloads/Setup_HSR_Toolkit.exe

===###===###===###===###===###===###===

===***===***===***===***===***===***===

Disclaimer: The information in this message is confidential. If you are
not the intended recipient, do not disclose, copy, or distribute this
message, and please immediately contact the sender.

Reply all
Reply to author
Forward
0 new messages