Healthcare organizations are finding themselves having to do more with fewer resources, and this resource limitation is most visible in data security and patient privacy. Additionally, the industry as a whole sees more and more data breaches in healthcare facilities of all shapes and sizes. This is putting even further stress on hospitals to protect data from the inside out, as the penalties related to breaches, financial and otherwise, can be severe.
I have spoken with a lot of patient privacy auditors and compliance officers, and the most common question that I get is:
“Where do I start?”
They go on to say, "Now that all the data is captured from the different systems that contain PHI, and we have information about the users and patients, what’s next?"
I recently read an article in Healthcare IT News, Myth busted: Machine learning software isn’t enough, and the title caught my eye.
Mac McMillan, CynergisTek CEO was quoted in the article, and brought up an interesting point of view about machine learning.
It has been more than a decade since the HIPAA Security Rule established technical safeguards which require organizations to audit access to electronic protected health information. Since then, auditing programs have continued to grow in size and scope.
Iliana Peters, OCR’s Senior Advisor for HIPAA Compliance and Enforcement, was the featured speaker in the September 19 HealthcareITSecurity.com webinar sponsored by Iatric Systems. Her topic: "What Covered Entities Need to Know about OCR HIPAA Audits." As national lead for OCR enforcement of the HIPAA Rules, she’s uniquely qualified to give us an update on HIPAA audits.
I was very interested to read a recent article in Healthcare Info Security about the new HIPAA enforcer’s plans. Roger Severino, the new director of the Department of Health and Human Services' Office for Civil Rights (OCR), says his top enforcement priority for the coming year is to find a major, egregious privacy breach to use as an example from which others can learn.
When I came across this article on HealthITSecurity.com: "5 Lessons Learned in OCR HIPAA Settlements" I knew I wanted to share it with you. It reports on the outcome of the past two years of OCR HIPAA settlements and shows how likely it is for healthcare organizations to experience a breach at some point in time. As you will read, when healthcare organizations had a breach that caught them by surprise, they experienced significant reporting efforts and costly fines.
Healthcare is, at its core, based on relationships. And, as with any relationship, trust is foundational to building and maintaining a strong relationship. Trust can be fragile and fleeting. It can be either eroded or enhanced in an instant.
Providers have to build a culture of privacy within their organization — one where privacy and security aren’t just occasionally mentioned, but frequently talked about. After all, healthcare providers are stewards of precious information.
Unfortunately, the data that healthcare providers have is also extremely valuable.
News that your organization could be facing an audit is usually cause for anxiety and much gnashing of teeth. At best, it means scrambling to assemble the required information before the deadline expires. At worst...well, let’s not go there.
When hospital clinicians are accessing patient records thousands of times daily, how do you spot the access that’s questionable or worse?