Make HIPAA Stick! Privacy Officers, Set The Table For Everyday Vigilance
A few years ago, I approached a compliance officer at a hospital to get his take on what seemed a confounding question: Why do so many acclaimed health systems pay fines for breaching patient privacy, often for careless lapses, such as a laptop snatched from an unlocked car?
Surely these organizations have policies drafted by the best lawyers.
This compliance officer, a veteran of privacy regulation, replied matter-of-factly: “Oh, they have policies but they don’t stick.”
Still today, six years after the overhaul of the Health Information Portability and Accountability Act (HIPAA), accountability for HIPAA itself remains a challenge. Policies may be on file, but they mean nothing until daily activities align with the goal of keeping private health information a secret to all except those who need to know.
If there is reason for the earth to shake beneath privacy and security offices across healthcare, it is right now, as a recent spate of indicators points to widespread, insufficient compliance with HIPAA.
Consider:
In March, a panel of chief security officers at the 2019 HIPAA Summit called for compliance managers to move beyond the mindset of HIPAA security as a mere checklist, when requirements call for a detailed, enterprise-wide approach.
Findings of a 2019 Healthcare Compliance Benchmark Report by SAIGlobal reinforce the panel’s concern. Among survey respondents, half indicated the use of a self-assessment tool or checklist to evaluate their compliance programs, while 19% didn’t assess their compliance programs.
Similarly, a recent landmark study by health industry leaders framed its goal as “moving the needle” on basic security protections — likened in the report to the simple use of hand sanitizers to prevent the spread of germs.
Indeed, privacy protections are about prevention.
This article was first published by The Compliance & Ethics Blog.
This article was written by Pedagogy Author Diane Evans who is also a Publisher for MyHIPAA Guide, a HIPAA consultancy and subscription service, and she can be reached at devans@myhipaaguide.com.