Recently, my colleague Anthony Murray and I presented Watch List: 2021 Privacy and Security Trends as part of the MRO 2020 Webinar Series. During this presentation, we highlighted the key areas of privacy and security within health information management (HIM) that professionals should be aware of during 2021.
First, I discussed the trends we should see in the privacy arena:
First, I discussed the trends we should see in the privacy arena:
- HIPAA Notice of Proposed Rulemaking (NPRM)—Since HIPAA has not been updated for many years, it was time to address gaps between the existing HIPAA rule and the new Interoperability rule. Although the NPRM has since been released, there is still time for things to change. Looking ahead, I encourage you to take advantage of our upcoming webinar in March on this specific rule, where I will analyze the details with my colleague Angela Rose.
- Patient Right of Access—A new policy change that also came out of gaps within HIPAA was the Patient Right of Access, which allows patients to more easily get their records for themselves or direct them to a third party. An item of note from 2020 was the Ciox v. Azar case, which determined that if the third party is not making healthcare decisions for the patient, then the third party can be charged state rates to get the records. To ensure patients access to their medical records, the Office for Civil Rights (OCR) has cracked down on enforcement of this rule. To put this into perspective, we have seen 14 actions since August of 2020. As this is another hot topic for 2021, I encourage you to attend my upcoming webinar in February on this specific issue.
- New Patient Identifier—While this is not a new concept, AHIMA, AHIOS and other associations recently expressed their support for its implementation. Though some people argue that NPIs could threaten patient privacy, we should be on the lookout for this to make some headway in 2021.
- Interoperability—We have spoken a lot about this topic in 2020, and it will continue to be a hot topic for 2021. All HIM leaders need to look at their processes and the requirements of the rule in preparation for compliance and enforcement coming in 2021! To find out more and assist in your preparations, visit our 2020 Information Blocking Webinar Series landing page, and stay tuned for more sessions in 2021.
Next, my colleague Anthony Murray discussed security trends for 2021:
- COVID-19 Effect—As many of us know, there was a telehealth boom in 2020 due to the pandemic. And because telehealth is likely here to stay, organizations must prepare for updated regulations and guidelines regarding telehealth vulnerabilities, such as breaches. Currently, the OCR is not pursuing breach penalties because we are still considered to be in a national public health emergency. However, that time is ending and we can expect enforcement to resume in 2021. This means that all organizations should make sure their policies and procedures are in place. To ensure your organization is ready, it is critical to complete a risk assessment, document potential risk, and conduct employee education and training. For more telehealth tips and ideas, visit the webinar Anthony and Angela presented in October 2020.
- Ransomware—In October 2020 an alert was released regarding the tactics, techniques and procedures used by cybercriminals targeting the healthcare sector to gain access to protected information. These bad actors use ransomware, a form of malware designed to encrypt files on a device, rendering any files and systems unusable. These malicious actors then demand a ransom in exchange for decryption or release of the information. While the exact motive is usually unclear, they typically do it for espionage or financial reasons. Organizations now need insurance to cover a ransomware attack resulting in payment to the bad actors. Once they are paid, they continue to use ransomware to make more money. To prepare your organization, we recommend four steps: establish a plan, run tests, provide education and create a backup plan.
- Other 2021 Predictions:
- 5G networks—While it’s a great thing for many individuals, remember that bad actors will also have access to this new and improved network function. As this continues to roll out, security teams should monitor these networks to protect their organizations.
- Cybertechnology—AI and machine learning will help us in threat detection, but again, bad actors will also have access to this technology.
As we look forward in 2021, it is imperative that we all stay on top of privacy and security trends by remaining vigilant, compliant and safe in our daily operations. I encourage you to view the recording of this presentation, and stay tuned for many more webinars to come in 2021. Education is essential to preventing any privacy or security mishaps.
To register for the playback recording of our webinar, click here.