HIMSS, MGMA Release Security Toolkit for Small Provider Organizations

June 25, 2013
Earlier this week, the Chicago-based HIMSS and the Englewood, Colo.-based MGMA created an online and interactive resource that targets and educates clinicians, practice managers, and others who are part of a small provider organization on the complexities of data security and privacy.

Earlier this week, the Chicago-based Healthcare Information and Management Systems Society (HIMSS) and the Englewood, Colo.-based Medical Group Management Association (MGMA) created an online and interactive resource that targets and educates clinicians, practice managers, and others who are part of a small provider organization on the complexities of data security and privacy.

The idea for the Privacy and Security Toolkit for Small Provider Organizations germinated 10 years ago after HIMSS received feedback from smaller organizations that were having hard time with the complexities surrounding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and needed additional tools. “It’s tailored with the assumption that [these institutions] might not have the resources, the background knowledge, or a dedicated security person that larger organizations have,” says Lisa Gallagher, senior director, privacy and security, HIMSS.

The toolkit, which was developed by a task force of HIMSS and MGMA volunteers, gives a complete background around major legal requirements for HIPAA and ARRA/HITECH [the American Reinvestment and Recovery Act/Health Information Technology for Economic and Clinical Health Act]. “There’s some guidance on specific areas of security practice that they need to start working on like risk analysis, which is required by HIPAA and Stage 1 meaningful use,” Gallagher says. She also mentions that the toolkit will continue to evolve and be updated with information from meaningful use Stages 2 and 3.

Gallagher finds risk assessments to be particularly important for smaller healthcare organizations to use as a basis to develop their security policies and procedures. “It’s a fundamental requirement and really a way to implement security,” she says. “When you take a look at your implementation and how your unique environment influences the vulnerabilities in your implementation, you can start working on those things, and it starts to feel like you have a handle on it.”

In late June HIMSS will release a privacy and security toolkit on patient identity integrity that will address the complex issues of maintaining data integrity as patient records are matched.

 

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...