Blogs Home
Friday, July 17, 2015 2:14 PM

How To Justify Your Patient Privacy Program

Written by Rob Rhodes, CHCIO, CISSP, HCISPP, Executive Vice President - iatricSystems

Cost justify your patient privacy program image

When I talk to the privacy staff at healthcare organizations, they tell me that they understand the benefits of using technology for their patient privacy program, but they’re having a difficult time justifying the cost.

They understand that security breaches of Protected Health Information (PHI) can cost their hospital millions of dollars in fines, legal costs, and lost revenue. Most also understand that effective processes and mechanisms that protect PHI also protect a hospital from the harsh penalties and damaging publicity of a privacy breach — or even an inadvertent violation of the rules.

Unfortunately, effective monitoring for patient privacy violations is still a major weakness for most hospitals. In a typical hospital, PHI is accessed many thousands of times daily, and it’s impossible to manually review more than a small sample. This results in an enormous risk that snooping, medical identity theft, or other inappropriate behavior will go undetected.

So how do you show this risk and educate your managers on the benefits of a patient privacy program? How do you make the cost justification case to hospital leadership? The answer is simple: by demonstrating the impact on your hospital’s bottom line.

We understand that despite all the warnings and realities of breaches, the ability (or lack thereof) to implement effective monitoring most often comes down to prioritizing limited resources. This is why we created a cost justification brochure that examines why it is a smart investment to implement a proactive patient privacy monitoring program. It walks you through the:

  • Steep costs that are avoided by preventing a breach
  • Efficiencies and day-to-day time savings for security staff with many other pressing tasks
  • True cost of a breach, including quality issues and lower HCAHPS scores
  • Financial savings by decreasing insider snooping

Why put your hospital at risk? For a relatively modest investment, you can become proactive in protecting your patients’ privacy. You'll have the information you need at your fingertips, instead of having to spend hours or days tracking it down — which is almost cost justification in itself. When the stakes are so high and there’s a tool that works so well, the cost is easy to justify — even for a skeptical CFO.