A couple of weeks ago we posted Part 1 of 5 Things You Need to Know about Optometry Software Risk Assessment. Today, we are going to finish the conversation with Part 2. It's important to understand the requirements of a risk assessment to keep your practice compliant and secure in 2016. HealthIt.gov is a great resource for learning about government regulations and risk assessment questions.
Part 2: 5 More Tips for Understanding Optometry Software Risk Assessment
1. Your EHR vendor won't take care of it for you.
While your EHR software vendor probably takes care of a lot of things for you, risk assessment isn't one of them. But you can surely reach out to your vendor for information, assistance, and training on your software in order to help you successfully complete your assessment.
2. It's more than just a checklist.
While it's a good idea to make a list of the things you need to evaluate during your risk assessment, a checklist itself doesn't quite cut it. There are actions and documentation you need to provide that show risk assessment has been performed.
3. A risk assessment can be performed many ways.
There are guidance rules to help you understand the requirements asked of you by way of The Security Rule. The guidance helps you identify and implement the right safeguards for your software and processes.
4. It's not just about your EHR.
On top of your EHR, you need to evaluate all devices that store or capture protected health information. Think about things like tablets, computers, mobile phones, and copy machines that may store or access your data.
5. You don't need to perform an assessment every year.
We mentioned in Part 1 that risk assessment is an ongoing process. You should first perform the assessment when you adopt your EHR. As changes are made in your practice like role changes, network or software updates, or internal processes, review and update your original analysis for changes in risk that may have occurred.
Are you in the market for new EHR software for your practice? Check out Uprise!