As a medical practice, it is imperative that you complete your comprehensive risk analysis. Not just to meet meaningful use, but to avoid steep HIPAA fines, and to make sure that you are adequately protecting patient health information.
I often tell my customers, “a HIPAA assessment is not so we can “catch” you doing something. It is so that you minimize the risk of something happening, and if it does happen, you are prepared to handle it. It’s basically getting your ducks in a row.” It is my opinion that practices are somewhat afraid to have an assessment done. They think it will cost them a lot of money to “fix” things, and they are actually afraid of someone acknowledging just how out of compliance they are. I always tell them, “no one has everything in order the first time. No one has proper policies and procedures”, and sometimes that will ease the fears. Especially when dealing with the IT department. They think you are there to catch them not doing their jobs. Not so. We want to help.
If you do not have a policy procedure manual, or you did not complete your comprehensive risk analysis, Tier3MD can help you. We have a very thorough risk analysis that we can complete for you at very little cost.
Don’t let this slip away.