As we enter 2018, health information management (HIM) and compliance professionals have the opportunity to reflect on healthcare privacy and security in 2017, look at lessons learned, and make predictions as to what’s next.
In 2017, many natural disasters took center stage, and they continue to play a role in healthcare (for example, disaster waivers). We also saw the defunding of ONC’s Chief Privacy Officer position. In addition, data security and breach notification issues grabbed headlines. I go into more detail on these items and offer predictions for 2018 in an InterviewNow podcast.
Health Information Management Best Practices
During 2017, data security and breach notification issues grabbed the headlines, and the Office for Civil Rights (OCR) was one of the most active regulators. Health Information Management (HIM) leaders can learn lessons from last year’s enforcement actions and apply the following best practices in 2018:
1) Know Where Your Risks Are
Cyber security risks are still out there, and your organization needs to be aware of them so that it can prepare for and respond to those types of attacks. Make sure your organization spends enough on cyber security so that your IT department is better able to respond to and act on attacks.
2) Educate and Train Employees
For a good percentage of these security and breach notification issues, there is a human factor involved. Knowledge is power. Training and educating your employees should be part of your organization’s due diligence. Employees need to know what they can and cannot click on, and they also need to understand the types of phishing episodes that can occur. Another reason this is important is that at many organizations employees now bring their own devices to work. The due diligence required has grown because the more things get connected, the bigger the risk of a breach.
3) Update System Patches
Validate that your IT team is current with software updates and patches to ensure the latest security enhancements are applied to protect the data.
4) Look at Policies and Procedures
Make sure your organization has up-to-date policies and procedures. It is important to do internal auditing to make sure your employees understand and follow these policies and procedures. If you come across weaknesses during your internal auditing, be sure to address them as well.
OCR Wall of Shame Facelift, Intelligent Apps and Analytics
Now, more than ever, is the time to get your breach prevention and compliance measures in order, because the OCR wall of shame may get a facelift in 2018. The facelift could allow you to link over and see who else is involved from a Business Associate standpoint. I personally think the facelift could help people with their due diligence and reviews.
More things to look at in 2018 include intelligent apps and analytics. With all the new and advanced devices today, personal health information is much easier to track now. Once that tracked information becomes shared, it could become part of your doctor’s diagnostic tool kit. I think the availability of health data, if used correctly, could help the world become a better place.
To learn more about 2018 watch list items, including General Data Protection Regulation (GDPR), Internet of Things (IoT), research and de-identification, litigation, OCR updates and cyber-security, be sure to look for details about an upcoming webinar series, hosted by MRO, which will cover those items.