Complimentary HIPAA Education Series

FREE HIPAA Education Series
presented by The Compliancy Group
June 4th
Just the Facts: Meaningful Use Stage 2 & ICD10
Declining revenues are becoming very common among physician practices. Less money is being collected by patients, payer reimbursements are declining and operational costs are…

June 4th
What You Need to Know about Meaningful Use 2 & Interoperability
You are constantly challenged to stay abreast of the latest information on EHR integration and HIE interoperability, Meaningful Use stages, the Direct Project, clinician and patient portals…


Security Risks - What’s the Rule?


The first step towards compliance with the HIPAA Security Rule is to perform a risk assessment on your system. You aren’t required to do this yourself (you may choose to hire a consultant), but you will be expected to understand the assessment findings. So what are “risks”, and how are they measured? Let’s start by defining some terms as they appear in the Rule.

Section 164.308(a)(1) requires covered entities to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of EPHI held by the covered entity.”  In this statement:

“EPHI” stands for Electronic Personal Health Information.  This includes all medical information related to patients in your care.   

“Vulnerabilities” are weaknesses in the way your system handles information. This can mean anything from inadequate physical security at your office (locks, alarms and so on), to running out-of-date software, to failing to use the security features included in your software (not creating passwords, for example).

“Threats” are forces that will exploit vulnerabilities. This can mean people, such as disgruntled employees, burglars and hackers, or it can mean things like fires, floods, earthquakes and tornadoes.

“Risk”, therefore, is a calculation of two things: first, the probability that a given threat will exploit vulnerabilities in your system, and second, an estimate of how much damage that exploitation would cause. Risk is hard to assess; the factors involved are often subjective. Just because an event has a low probability doesn’t mean it can’t or won’t happen, and highly probable events that have been assigned a risk might not impact your system security at all.

For instance: a viral infection on a computer in your system is highly probable, but the likelihood that the infection would lead to a system failure or security breach is small, so it would be considered a low-risk scenario. If a burglar, however, were to break into your office and steal all of your equipment, there is a 100% chance that your data will become unavailable to you and a good chance it may end up in malicious hands. Even if the crime rate is low in your neighborhood, this would be considered a high-risk scenario.

No matter what your assessment finds, when you address the vulnerabilities of your system and (where possible) eliminate threats, you reduce your overall risk levels. This is the best way to ensure you’ll be in compliance with the Rule.

Join us next week for some tips on how to conduct your risk analysis. 

Ryan Ricks
Security Officer