One of the foundations of an effective Privacy and Security program is always accountability. Accountability of assets. Accountability of personnel. Accountability of permissions, agreements, and regulations. We must know the scope. Therefore, it is important to routinely take inventory of any relevant elements in your program.
Did you know that Tuesday, January 28th is National Data Privacy Day? It’s a great time to reflect on how successful your privacy and security program has been, and also look to where you want it to go in the future.
To support this goal, below are some things to consider to get you on the right track with your privacy and security program.Consider the users who have access to your systems and information. Do you know every user who has access, what level of access they require, and how long that access will be necessary? What about business associates? Who are we sharing our information with? Why? How long is this agreement valid? What devices are allowed on our network and what restrictions should they have?
There are so many parts in a privacy and security program that rely on auditing, reviewing, and validating those people and assets that fall within scope. But, without effectively knowing the scope, these processes are simply ineffective.
So, what do we do?
Make accountability a priority in your programs. Establish a regular cycle of inventory auditing and verification to make sure you are always aware of any changes.
Some examples of changes that could happen might be:
- If a new device is added to your network – make sure there is a process in place to document and track it
- If a new employee is hired, or staff members change roles in your organization, make sure the appropriate systems and records are properly and thoroughly updated
- If a new agreement is signed with a business associate or if an existing agreement expires – make sure you have adequate systems in place to track changes with agreements
Not only should personnel and assets be regularly reviewed but consider governance and regulations. Create processes to routinely vet your organization’s policies and procedures against the local and federal requirements. Having these processes in place makes sure you are always tailoring the needs of your program toward current requirements.
An effective inventory takes work. It may seem like a daunting task, but there are several solutions and tools available meant specifically to help with privacy and security processes. Find tools that work for your organization and start taking inventory today!
I have presented about the topic of managing the Privacy Cycle several times. Here’s a link if you want more in depth information about the Privacy Cycle and how to take inventory of your processes.
Reach out to me or comment here if you want to talk more about your challenges with patient privacy.