HIPAA Compliance Resources


The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established national standards to simplify electronic health care transactions and (under a separate Security Rule) address the security and privacy of health data.
 
HIPAA Overview

Healthcare organizations are required under law to protect their patients’ electronically stored protected health information (ePHI) by implementing physical, administrative and technical safeguards. Additionally, they are required to conduct an annual security risk analysis (SRA) that addresses the security of PHI, including data created or maintained by certified electronic health record technology (CEHRT).

Subsequent federal laws and regulations strengthened HIPAA Security enforcement. The HIPAA Omnibus Rule (2013) established fines and other penalties for covered entities failing to adequately protect ePHI, while HITECH (2009) and MACRA (2015) made the SRA a requirement for participants in the meaningful use and MIPS programs.

Whether participating in various quality incentive programs or seeking to reduce risk to your patients and practice, HIPAA compliance is an essential part of your organization’s overall risk management strategy.


How NextGen Healthcare Helps

NextGen Healthcare adheres to rigorous standards and protocols for securing and protecting ePHI so we can help you protect your data. In addition to conducting our own very thorough SRA, this includes meeting data security requirements for ONC 2015 Edition certification, as well as meeting HITRUST CSF v8.1 certification criteria.

NextGen Healthcare provides the certified EHR technology our clients need to participate in incentive programs and the confidence of knowing we take data security seriously. However, our clients are still responsible for performing and documenting their own annual SRA and taking actions to remediate any identified risks.


HIPAA One®

Because NextGen Healthcare understands that HIPAA compliance can be time-consuming, we have partnered with HIPAA One® to offer clients an automated and simplified SRA solution. HIPAA One® is an affordable, user-friendly solution designed to help healthcare organizations meet all their HIPAA Security and Privacy obligations.

Based on industry and regulatory standards, the online HIPAA One® tool walks you through the SRA, privacy assessment and breach notification process and generates a professionally organized and formatted report covering physical, administrative and technical safeguards; CEHRT and other ePHI systems; policies and procedures; and more. Each HIPAA One subscription also includes a Nessus Professional Feed® Vulnerability Scan.

NextGen Healthcare partners with HIPAA One® to deliver hands-on assistance with HIPAA Security rules and best practices and training on the online HIPAA One® SRA tool.

Contact your NextGen Healthcare sales or account representative to get HIPAA One® today!
HIPAA Resources and Information
  • CMS Privacy, Security and Breach Notification fact sheet
  • CMS Privacy and Security information website
Keywords: HIPAA Compliance, Security Risk Analysis, SRA, HIPAA One
Legacy Article Number: 000049542