Has the threat of an OCR audit finally made the healthcare industry turn the corner when it comes to patient privacy and security? It may seem that way as we see a new focus on the importance of Risk Assessments and Incident Response Planning.
“Lately we have seen a strong uptick in requests for incident response planning and testing. What is driving this trend and why now? Maybe the better question is to ask why it took so long given the growing number of data breach incidents among large and small healthcare organizations? I can only speculate about the drivers for the sudden surge in focus on this issue, which has long been a requirement under the HIPAA Security Rule and it was further codified through the burden of proof requirements under the HITECH Breach Notification interim final rule (IFR). I think for one thing, there’s a realization that the OCR HIPAA Privacy and Security Audit Program is going to continue and it is a matter of time before OCR knocks on the door. Another reason, in my opinion, is that developing, documenting and testing an IRP can provide a very tangible and actionable outcome that can help improve cross-functional communications, processes and awareness in addition to helping to prevent some incidents since it focuses the entire team and organization on the topic of PHI/PII protection, emerging risks and associated implications. So it is a very good and low-cost investment with concrete benefits.”
Here we may begin to see that an ounce of data breach prevention is worth a pound of data breach response. Previous stats have shown that many organizations have yet to take these preventive measures, but hopefully, for the patients' sake, organizations have finally wised up.
You can read the whole story of The Rise of the Dark Knight, The Rise of the Machines, The Rise of the Planet of the Apes, The Rise of Incident Response Planning here.