ONC recently published an updated guide for Privacy and Security of Electronic Health Information. This episode David and Donna discuss what that guide calls the Seven-Step Approach for Implementing a Security Management Process.
Links
Guide to Privacy and Security of Electronic Health Information
Notes
The 7 Steps
Step 1: Lead Your Culture, Select Your Team, and Learn
Assign your officers, make sure they are trained, show compliance is a top down commitment
Step 2: Document Your Process, Findings, and Actions
If you can’t prove it then it didn’t happen. Document your decisions, plans and activity
Step 3: Review Existing Security of ePHI (Perform Security Risk Analysis)
Review or perform your Security Risk Analysis and current security assessment
Step 4: Develop an Action Plan
The plan needs to address all the things you identified in your assessments, policies, and procedures
Step 5: Manage and Mitigate Risks
This is where your project management skills come into play making sure you have addressed all the risks in your Analysis and new ones aren’t showing up
Step 6: Attest for Meaningful Use SecurityRelated Objective
If you are attesting make sure you have done the previous steps
Step 7: Monitor, Audit, and Update Security on an Ongoing Basis
Remember it isn’t a project that has a beginning and ending date