The American Health Information Management Association (AHIMA) held its annual convention and exhibit in Los Angeles, October 7-11. This year’s event delivered a renewed focus on the profession’s responsibility to protect and govern Protected Health Information (PHI). During the convention, updates for privacy, security, interoperability and information governance were provided. Here is a quick overview of lessons learned at the conference. You can read more in my recent post to HIM Scene’s blog, titled Heard at #AHIMACon17: Lessons Learned for HIM.
Privacy and Security Institute
This year was the 11th anniversary of AHIMA’s Privacy and Security Institute. Speakers from the United States Department of Health and Human Services (HHS) Office for Civil Rights (OCR), Federal Bureau of Investigations (FBI) and Health Information Trust Alliance (or HITRUST) joined privacy and HIM consultants for a two-day seminar.
Additionally, MRO’s Angela Rose, MHA, RHIA, CHPS, FAHIMA, Director of Client Relations and Account Management, and I co-presented a session titled, “Developing Best Practices from OCR Audits and Enforcement Activities.” In this session, we offered best practices for HIM professionals based on lessons learned from the OCR’s patient access guidance, resolution agreements and HIPAA Audit Program protocols. You can download a copy of our presentation by completing the form at the bottom of this blog post.
The position of Chief Privacy Officer (CPO) at the Office of the National Coordinator for Health Information Technology (ONC) has been vacant for the past year, and during this time Deven McGraw, Deputy Director of Health Information Privacy at the OCR, successfully served as acting CPO. Her recent departure, along with other cutbacks, will have a trickle-down impact for privacy compliance in 2018.
Onsite Audits Cease
Yun-kyung (Peggy) Lee, Deputy Regional Manager for the OCR, informed attendees that onsite HIPAA audits would no longer be conducted for Covered Entities or Business Associates due to staffing cutbacks in Washington, D.C. The concern here is that whatever doesn’t get regulatory attention, may not get done.
Interoperability Advances HIPAA
The national push for greater interoperability is an absolute necessity to improve healthcare delivery. However, 30 years of new technology and communication capabilities must be incorporated into HIPAA rules. Old guidelines block us from addressing new goals. We expect more fine-tuning of HIPAA in 2018 to achieve the greater good of patient access and health information exchange.
In an article published shortly before the AHIMA convention, OCR Director Roger Severino touched on the need to modify HIPAA in light of technology advancements and cyber threats saying, “I’ve gotten up to speed on HIPAA, and as the threats evolve, we have to evolve in how we approach it – and we have to be smart about who we target. At most I will say the big, juicy case is going to be my priority and the methods for finding it – stay tuned.”
Luminary Healthcare Panel
This session was a very relevant discussion for my role as Vice President of Privacy, Compliance and HIM Policy at MRO. Panelists provided a glimpse into the future of healthcare while reiterating HIM’s destiny—data integrity and information governance.
There is no doubt that HIM’s role is expanding. We have the underlying knowledge of the importance of data and the information it yields. More technology leads to more data and an increased need for sophisticated health information management and governance. Our history of protecting patient information opens the door to our future in the healthcare industry.
To download slides from MRO’s Privacy and Security Institute presentation “Developing Best Practices from OCR Audits and Enforcement Activities,” complete the form below.