NextGen® Office offers professional services to assist you with your security risk analysis and ensure your practice is compliant. We describe below what a security risk analysis is and how NextGen Office can help. If you are interested in purchasing services, contact your sales representative or email NGO_SRA@nextgen.com.
HIPAA Overview
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established national standards to simplify electronic health care transactions and (under a separate Security Rule) address the security and privacy of health data.
Healthcare organizations are required under law to protect their patients’ electronically stored protected health information (ePHI) by implementing physical, administrative, and technical safeguards. Additionally, they are required to conduct an annual security risk analysis (SRA) that addresses the security of PHI, including data created or maintained by certified electronic health record technology (CEHRT).
Subsequent federal laws and regulations strengthened HIPAA Security enforcement. The HIPAA Omnibus Rule (2013) established fines and other penalties for covered entities failing to adequately protect ePHI, while HITECH (2009) and MACRA (2015) made the SRA a requirement for participants in the meaningful use and MIPS programs.
Whether participating in various quality incentive programs or seeking to reduce risk to your patients and practice, HIPAA compliance is an essential part of your organization’s overall risk management strategy.
How NextGen Healthcare Helps
NextGen Healthcare adheres to rigorous standards and protocols for securing and protecting ePHI so we can help you protect your data. In addition to conducting our own very thorough SRA, this includes meeting data security requirements for ONC 2015 Edition certification, as well as meeting HITRUST CSF v8.1 certification criteria.
NextGen Healthcare provides the certified EHR technology our clients need to participate in incentive programs and the confidence of knowing we take data security seriously. However, our clients are still responsible for performing and documenting their own annual SRA and taking actions to remediate any identified risks.
HIPAA One
Because NextGen Healthcare understands that HIPAA compliance can be time-consuming, we have partnered with HIPAA One to offer clients an automated and simplified SRA solution. HIPAA One is an affordable, user-friendly solution designed to help healthcare organizations meet all of their HIPAA security and privacy obligations.
Based on industry and regulatory standards, the online HIPAA One tool walks you through the SRA, privacy assessment, and breach notification process, and generates a professionally organized and formatted report covering physical, administrative, and technical safeguards; CEHRT and other ePHI systems; policies and procedures; and more. Each HIPAA One subscription also includes a Nessus Professional Feed Vulnerability Scan.
NextGen Healthcare partners with HIPAA One to deliver hands-on assistance with HIPAA security rules and best practices and training on the online HIPAA One SRA tool.
Contact your NextGen Healthcare sales representative or email NGO_SRA@nextgen.com to get help on your security risk analysis today!
HIPAA One Support
If you have not already purchased services for HIPAA One, contact your sales representative to learn more about the services or email NGO_SRA@nextgen.com.
If you have already purchased HIPAA One, email support@hipaaone.com.
External HIPAA Resources and Information
CMS Privacy, Security and Breach Notification fact sheet
CMS Privacy and Security information website
See Also:
Measure Paper - Medicaid Promoting Interoperability Stage 3 2020 Objective #1 Protect Patient Health Information for NextGen Office
Measure Paper - MIPS Promoting Interoperability 2020 Protect Patient Health Information for NextGen Office