As we enter 2018, health information management (HIM) and compliance professionals have the opportunity to reflect on healthcare privacy and security in 2017, look at lessons learned, and make predictions as to what’s next.
In 2017, many natural disasters took center stage, and they continue to play a role in healthcare, for example through disaster waivers. We also saw the defunding of ONC’s Chief Privacy Officer position. In addition, data security and breach notification issues grabbed headlines. I go into more detail on these items and offer predictions for 2018 in an InterviewNow podcast, which you can listen to here.
Health Information Management Best Practices
During 2017, data security and breach notification issues grabbed the headlines, and the Office for Civil Rights (OCR) was one of the most active regulators. Health Information Management (HIM) leaders can learn lessons from last year’s enforcement actions and apply the following best practices in 2018:
1) Know Where Your Risks Are
Cyber security risks are still out there, and your organization needs to be aware of them so that it can prepare for and respond to those types of attacks. Your organization should make sure to spend enough on cyber security so that your IT department is better able to respond to and act on attacks.
2) Educate and Train Employees
For a good percentage of these security and breach notification issues, there is a human factor involved. Knowledge is power. Training and educating your employees should be part of your organization’s due diligence. Employees need to know what they can and cannot click on, and they also need to understand the types of phishing episodes that can occur. This is also important because at many organizations, employees now bring their own devices to work. The due diligence required has grown, because the more things get connected, the bigger the risk of a breach.
3) Update System Patches
Validate that your IT team is current with software updates and patches to ensure the latest security enhancements are applied to protect the data.
4) Look at Policies and Procedures
Make sure your organization has up-to-date policies and procedures. It is important to do internal auditing to make sure your employees understand and follow these policies and procedures. If you come across weaknesses during your internal auditing, be sure to address them as well.
OCR Wall of Shame Facelift, Intelligent Apps and Analytics
Now, more than ever, is the time to get your breach prevention and compliance measures in order, because the OCR wall of shame may get a facelift in 2018. The facelift could allow you to link over and see who else is involved from a Business Associate standpoint. I personally think the facelift could help people with their due diligence and reviews.
More things to look at in 2018 include intelligent apps and analytics. With all the new and advanced devices today, personal health information is much easier to track now. Once that tracked information becomes shared, it could become part of your doctor’s diagnostic tool kit. I think the availability of health data, if used correctly, could help the world become a better place.
To learn more about 2018 watch list items, including General Data Protection Regulation (GDPR), Internet of Things (IoT), research and de-identification, litigation, OCR updates and cyber-security, be sure to look for details about an upcoming webinar series, hosted by MRO, which will cover those items.