“Our EHR/EMR fulfills all of our Security Analysis for our HITECH and Omnibus Requirements, right?”
Wrong. Even with a certified EHR/EMR, you must perform your own internal security preparations and implementations. Protecting your PHI does not simply mean protecting your patient database. You may have an EHR/EMR maintained and serviced by a Business Associate, but that does not imply full compliance. They may be able to supply information, aid, and training on the privacy and security aspects of the EHR/EMR product. However, EHR/EMR vendors are not responsible for making their products compliant with the HIPAA Privacy and Security Rules. It is solely your responsibility to have a complete secure network in place as well as all “Required” policies and procedures.
This is where Medical ITG can help. We give you the tools necessary to secure your patients’ data. We not only help to protect your patients’ private records, but we also give you the education and policies to document every step that you have taken to fully follow the security measures that the DHHS requires.