OCR is doing a good thing by making us “Eat our Vegetables”

Written by Karen Pursch, Product Marketing Manager


Healthcare is, at its core, based on relationships. And, as with any relationship, trust is foundational to building and maintaining a strong relationship. Trust can be fragile and fleeting. It can be either eroded or enhanced in an instant.

Providers have to build a culture of privacy within their organization — one where privacy and security aren’t just occasionally mentioned, but frequently talked about. After all, healthcare providers are stewards of precious information.

Unfortunately, the data that healthcare providers have is also extremely valuable.

The number of data breaches continues to grow, exposing personal data of more than 110 million individuals in 2015. I recently read an article that stated there were 11 million patient record breaches in June, making it the worst month for information security in 2016. Insider and external threats are real and growing for various reasons.

  • Healthcare data has high value. The 2016 Internet Security Threat Report from Symantec showed that in the healthcare industry there were 120 breaches in 2015 with 4.1 million identities exposed. Such a high number of breaches with a low number of identities exposed tends to show that the data itself is valuable enough to warrant so many small breaches. This study also showed that healthcare ranked at the top of the list of high-risk industries based on the number of incidents caused by hacking or insider theft, which indicates that the motive was to steal data, as opposed to data being accidentally exposed.
  • Healthcare is an easy target. Healthcare has traditionally been behind other industries in information technology and security. The ability of healthcare to compile data has grown far faster than our ability to protect it. The culture of healthcare is to focus on patient health, neglecting the security of patient data.
  • Breaches are expensive and erode trust. Whether the breach is small or large, patient trust is damaged. The TransUnion Healthcare Data Breach Survey of 2015 revealed that 7 out of 10 (65%) would avoid healthcare providers that experienced a data breach.

The loss of patient trust due to these various factors not only affects healthcare organizations financially, but can also negatively impact patient care and reimbursement. At a hospital that has had a public data breach, patients are less likely to tell their caregivers critical health information that the caregivers might need to properly care for them. In addition, quality issues and higher 30-day readmissions could mean that organizations would lose up to 2% of Value Based Payments (VBP), and 3% of readmissions. This will lead to lower HCAHPS scores, meaning fewer new patients and lower reimbursement.

HIPAA Compliance a Competitive Advantage

After nearly a two-year delay, the Department of Health and Human Services' Office of Civil Rights has begun OCR HIPAA audits of healthcare organizations and their business associates. OCR is doing a good thing by making us "Eat our Vegetables." The OCR HIPAA audits are critical to protecting patients' health information, and most healthcare professionals do not take the audits seriously because of the poor state of cybersecurity in healthcare.

Patient trust should be used as a competitive advantage. Good performance in an audit can become a marketing tool for healthcare organizations.

Please register for a webcast on July 19, to see how you can use Privacy Analytics to reduce breaches in your healthcare organization.
