A while back I wrote about creating a culture of privacy and security within an organization. ID Experts, with the help of other industry experts, has just released “Five Tips to Make Patient Privacy Part of Your Organizational DNA,” and it’s a great list. The recent trend has been toward treating HIPAA privacy and security less as an IT-only problem and more as a responsibility of the whole organization.
1. Encrypt, encrypt, encrypt!
Kimberly B. Holmes, Esq., deputy worldwide product manager – health care, Chubb Group of Insurance Companies
“While there currently are no federal minimum standards or guidance around the quality and level of encryption that should be implemented to secure PHI, having some form of encryption applied to all PHI, and especially to PHI that is stored on mobile/portable devices, mitigates the risk of potentially serious HITECH fines/penalties when a breach occurs.”
2. Prepare for a breach.
Cheryl A. Parham, Esq., associate general counsel, New York-Presbyterian Hospital
“Identify first responders with knowledge of your organization as well as the rules regarding notification and reporting. When a breach occurs, find out the facts first, then respond—but do it timely!”
3. Have a privacy and security compliance assessment carried out every year.
Doug Pollack, CIPP/US, chief strategy officer, ID Experts
“A key action for your healthcare organization to reduce your risks of being fined by the Office for Civil Rights (OCR) is to have a privacy and security compliance assessment carried out every year, and to clearly document the remedial actions that you’ve taken to address the most severe patient data privacy risks that were identified.”
The complete list is in ID Experts’ “Five Tips to Make Patient Privacy Part of Your Organizational DNA.”