HIPAA Privacy and Security Reminders – Necessary Evil, Operational Baseline or Competitive Advantage?
How do you and your colleagues think about compliance with the HIPAA-HITECH privacy, security and breach notification rules?
We’re finding that organizations and their leaders are evolving their thinking about safeguarding their members’, patients’ or customers’ personal information in general, and about the HIPAA-HITECH privacy and security regulations in particular.
For some organizations, the HIPAA-HITECH regulations are still regarded as a necessary evil, with responsibility often delegated to the lowest levels of the organization with the ol’ “handle it” method of assignment. In this scenario, some poor soul (who probably missed a meeting!) is given the task of getting a passing grade and/or keeping the organization out of trouble, whatever that means. There’s little or no budget or resource provided. Whatever effort is undertaken is referred to as the “HIPAA compliance project”. The use of the word project conveys the organization’s belief that it will end! Little progress is ever made and few questions are asked. What may or may not be happening is rarely tied to the strategy of the organization.
In slightly more enlightened organizations, leaders have come to realize that safeguarding anyone’s personal information of any type, and especially Protected Health Information (PHI), is a basic requirement of doing business in the new millennium… it is an operational necessity. They realize that privacy and security of PHI must be built into business processes and not be an afterthought. In fact, these organizations realize that it is much more than a government regulatory compliance program and that their members, patients and customers expect and deserve to have their PHI safeguarded. They realize it is an ongoing program that needs to be resourced and funded. They often refer to it as their “Patient/Member Privacy & Security Program”.
The most progressive organizations go even beyond the idea of a program. They treat the safeguarding of information as a core strategy. Just as organizations have, over time, built financial, technology and operational strategies to support the overall corporate strategy, they realize that there is an opportunity for competitive differentiation in how they protect personal information. We have seen such a program referred to as their “Marketing, Customer Service & Patient Safety Strategy”. Efforts are made to ensure there is alignment between their privacy and security efforts and the overall corporate strategy.
What should organizations do?
A great place to start this conversation in your organization is by completing a baseline Clearwater Strategic “Business and Information Privacy and Security Program” AlignmentCheck™ Survey. Try the survey and/or call us to discuss how you and your colleagues think about compliance with the HIPAA-HITECH privacy, security and breach notification rules.
What Other Resources Are Available to You?
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.