Compliance with 45 CFR part 164, the HIPAA Security Rule, is summarized in Special Publication 800-66 from the National Institute of Standards and Technology (NIST). Full compliance involves applying a variety of policies, procedures and safeguards, including vulnerability scanning using technology developed under Homeland Security sponsorship in the Security Content Automation Program (SCAP). ACR 2 risk assessment software, first publicly demonstrated at the 2007 CyberCrime conference in Kennesaw, GA, uses SCAP-validated scan results to produce real-time risk monitoring.
Initial risk assessments, including SCAP scanning of selected workstations, can be completed in 3-4 hours at a cost of less than $2,000 per location. The risk assessment, combined with implementation of initial safeguards as recommended by the risk assessment Gap report, meets or exceeds the item 23 requirements for Stage 1 meaningful use. First-year payments for EPs are $18,000 per physician, while first-year payments for hospitals begin at $2,000,000.
A recent joint project in upstate New York utilized Lumension SCAP scanning and ACR risk assessment software to bring a group of four hospitals into item 23 meaningful use compliance. Jana Grose, CIO (Chief Information Officer) of Massena Memorial, is the client-side project manager for the hospital group. She states, “When I first saw this product, I instantly realized the potential this solution provided. This software tool gives me a total readout of what I need to do as a hospital CIO so that
Copyright © 2010 Vocus, Inc.