This entry is part 23 of 26 in the series HIPAA Privacy-Security Reminders

HIPAA Privacy and Security Reminders – Necessary Evil, Operational Baseline or Competitive Advantage?

How do you and your colleagues think about compliance with the HIPAA-HITECH privacy, security and breach notification rules?

We’re finding that organizations and their leaders are evolving their thinking about safeguarding their members’, patients’ or customers’ personal information in general and the HIPAA-HITECH privacy and security regulations in particular.

For some organizations, the HIPAA-HITECH regulations are still regarded as a necessary evil with responsibility often delegated to the lowest levels of the organization with the ol’ “handle it” method of assignment. In this scenario, some poor soul (who probably missed a meeting!) is given the task of getting a passing grade and/or keeping the organization out of trouble, whatever that means. There’s little or no budget or resource provided. Whatever effort is undertaken is referred to as the “HIPAA compliance project”. The use of the word project conveys the organization’s belief that it will end! Little progress is ever made and few questions are asked. What may or may not be happening is rarely tied to the strategy of the organization.

In slightly more enlightened organizations, leaders have come to realize that safeguarding anyone’s personal information of any type and especially Protected Health Information (PHI) is a basic requirement of doing business in the new millennium… it is an operational necessity. They realize that privacy and security of PHI must be built into business processes and not be an afterthought. In fact, these organizations realize that it is much more than a government regulatory compliance program and that their members, patients and customers expect and deserve to have their PHI safeguarded. They realize it is an ongoing program that needs to be resourced and funded. They often refer to it as their “Patient/Member Privacy & Security Program”.

The most progressive organizations go even beyond the idea of a program. They treat the safeguarding of information as a core strategy. Just as organizations have, over time, built financial, technology and operational strategies to support the overall corporate strategy, they realize that there is an opportunity for competitive differentiation in how they protect personal information. We have seen such a program referred to as their “Marketing, Customer Service & Patient Safety Strategy”. Efforts are made to ensure there is alignment between their privacy and security efforts and the overall corporate strategy.

What should organizations do?

A great place to start this conversation in your organization is by completing a baseline Clearwater Strategic “Business and Information Privacy and Security Program” AlignmentCheck™ Survey. Try the survey and/or call us to discuss how you and your colleagues think about compliance with the HIPAA-HITECH privacy, security and breach notification rules.

What Other Resources Are Available to You?

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.



Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.