Join MQIN and Brad Trudell, JD, from MetaStar for a Security Risk Assessment (SRA) consultation on June 23 at 11 a.m. Trudell will walk you through the features of the web-based tool (HIPAA One) that you will be using to conduct your SRA. Goals include learning how to protect the confidentiality, integrity, and availability of electronic protected health information, as well as how to respond to the SRA questions and upload documentation to support those responses. Participating health centers can use the SRA for Promoting Interoperability Year 2020 reporting.
Why is an SRA so important? The U.S. Department of Health and Human Services Office for Civil Rights recently announced a temporary relaxation of enforcement of the HIPAA Privacy, Security and Breach Notification Rules against providers in connection with the good faith provision of telehealth to patients during the COVID-19 nationwide public health emergency. However, it is still important to incorporate the telehealth program into your SRA because an SRA must periodically be conducted on any system used by a provider to transmit or store electronic PHI. Policies, procedures, and business associate agreements must be in place as well. In an emergency situation, providers must continue to implement reasonable safeguards to protect PHI against impermissible uses and disclosures. The administrative, physical, and technical safeguards of the HIPAA Security Rule must continue to be used to protect electronic PHI, including ensuring that an SRA is periodically completed and vulnerabilities continue to be remediated.
Brad Trudell, Privacy and Security Lead, MetaStar, Inc.
Brad Trudell is an attorney with over 20 years’ experience working with the privacy and security of medical data in healthcare settings. Brad has conducted hundreds of SRAs, HIPAA trainings, and privacy assessments as the HIPAA Privacy & Security Lead at MetaStar, Inc., and prior to that he was the privacy officer at a large health insurance company for 16 years.