The Web app automates the review of administrative, technical, and physical safeguards as defined by HIPAA and HITECH.
Information security and system management provider Symantec deepened its reach into the healthcare sector on Wednesday when it unveiled the Allscripts Privacy & Security Risk Assessment, a tool that automates the paper-based process of assessing a medical practice’s privacy and security risks.
According to Symantec, the Allscripts Privacy & Security Risk Assessment is a Web-based application that provides physicians with a single place to complete the review of administrative, technical, and physical safeguards as defined by the Health Insurance Portability and Accountability Act (HIPAA).
Doug Havas, vice president of Symantec Healthcare, said in a statement the company understands the unique needs of the healthcare industry as it grapples with the task of protecting patient information.
Havas also said the application makes it easier for physicians to demonstrate that they meet the security requirements of HIPAA and helps them qualify for substantial incentive payments from Medicare or Medicaid.
“The solution also represents a critical step in identifying pain points and mitigating risks so practices can maximize their data security,” Havas said.
Physicians applying for Medicare and Medicaid Electronic Health Record (EHR) incentive programs must demonstrate that their practices meet the security requirements under the Health Information Technology for Economic and Clinical Health Act (HITECH) Meaningful Use Stage 1 criteria. And they must conduct a privacy and security risk analysis under HIPAA guidelines.
“Right now, physician practices can either perform the HIPAA risk assessment themselves or hire an onsite consultant to do the analysis,” said Lee Shapiro, president of Allscripts. “By working with Symantec, we can now greatly simplify the risk assessment process for those practices that are looking for an alternative to doing it on their own.”
Another objective for offering the tool is to help physician practices that are financially constrained to conduct a privacy and security assessment of their health information systems without buying new hardware.
To make it user friendly, clinicians are not required to download files and the application produces comprehensive reports immediately upon the practice completing the assessment. The assessment includes identifying potential gaps and providing recommendations for complying with HIPAA rules and HITECH. Vendor and application independent, it can be used with any EHR.
“A critical evaluation that would normally take significant time and resources has been simplified into an easy, user-friendly, step-by-step process,” Alexander Laham, corporate compliance and privacy officer at Springfield Medical Care Systems, said in a statement. “We will certainly be using this tool on a regular basis, not just once a year, to gauge our improvement over time and help ensure that our systems are secure and compliant.”
Developed by Symantec and currently available exclusively through Allscripts, the Allscripts Privacy & Security Risk Assessment offers several features including:
– One-stop and one place to complete HIPAA-defined assessment of administrative, technical, and physical safeguards.
– Automated reporting and gap analysis with recommendations for improvements.
– A subscription-based model that accommodates the needs and financial parameters of single providers, multiple locations, and enterprise customers.
– Annual collection and verification of assessment data.
– Automatic assessment and audit log.
– Graphical and administrative views of assessment results.
– Documentation that a privacy and security risk assessment has been performed in accordance with HITECH and HIPAA.