Bite-Sized Solutions

Medical equipment suppliers often have a hard time breaking down the important task of internal analysis into manageable, bite-sized pieces. Let's explore an approach that works: assess, analyze, then fix, in that order. We'll use the HIPAA security rules for our examples.

  1. Learn the difference between assessing risk and analyzing risk. Risk assessment is when you apply the "rules" (here, the HIPAA security rules) to identify specific vulnerable areas in your company. Perhaps your password protections are weak, or monitors display sensitive information to walk-in customers. (Note that the Security Rule itself uses the single term "risk analysis" for the required exercise; the distinction drawn here is a working one to help you organize the job.)

    Risk analysis, on the other hand, identifies specific threats to the security of your protected health information. Perhaps someone has gained unauthorized access to your system. Perhaps you have identified a number of improper fax transmissions, or you have found several unlocked doors or cabinets. In other words, risk analysis finds the threats that could exploit the vulnerabilities identified during the risk assessment. It also helps pin down how much risk each vulnerability actually presents.

  2. … BUT, do both. You cannot assess your areas of vulnerability without evaluating specific problems that have arisen. You cannot respond effectively to errors or systemic problems without assessing whether they are aberrations or reflect continuing vulnerability. Each gives clues to the other.

  3. Quantify your risks. Once you have assessed your company's vulnerabilities, assign each weakness a level of risk based on how likely it is to be exploited and how much harm would result. It is usually sufficient to choose from "high," "medium" and "low." Use your HIPAA team to assist with this process: your privacy/security officer, IT professionals and department heads.

    It is appropriate to set your remediation priorities with reference to how simple and how expensive each fix is; the risk rating itself, though, should reflect likelihood and impact, not the cost of the cure. A high-risk problem that is quite expensive or difficult to fix will likely be bumped down in the queue until you have had a chance to fix the comparably important but far easier or cheaper problems. There is nothing wrong with getting the most bang for your buck, so long as the deferral is a documented decision with an owner and a target date rather than an item that quietly falls off the list.