The computerization of business data, specifically transactions between patients and health care providers, is causing no end of concern and problems, both for the medical personnel who serve patients and for the patients themselves who benefit from that care.
The explosion of all things digital
We are all witnesses to the explosion of all things digital. This was accurately predicted years ago, and legislation was enacted to address the concerns of fraud and violations of privacy that arise when organizations are not diligent in managing data.
Today, years after those predictions were made, all organizations in the good old USA are legally required to undertake the formidable task of assessing the weaknesses in their data management systems. And not only identifying the weaknesses, but acting on the findings of the assessment to correct them before there is a breach of data.
How is information protected?
Daunting questions for organizations to answer include: What kind of information can be collected about patients and customers? How can that information be used? And most importantly, how is that information protected?
There is a lot of legislation that forces organizations to change the way they manage and protect information. It includes the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act (SOX).
By their very nature, these laws mandate that organizations create a culture of compliance to protect the data of their patients and customers in whatever form that data exists. The data must be protected while it is stored (at rest) and while it is being transported (in motion).
It is impossible to completely protect information
This is a fact, and there is no disagreement regarding this statement among the professionals who deal with it every day. But organizations cannot simply ignore these laws as though they do not exist. We all must consider the requirements of each law that governs our businesses, assess whether we have any gaps against any of the regulations, and train the employees in our companies so that we can show visible, demonstrable evidence that we are actually making a good-faith attempt to abide by these laws. When we have that kind of story to tell an auditor, they will know that we are serious about complying with the law. This is also known as creating a culture of compliance, and it will minimize disclosures of this all-important data.
Regulations require enormous change
Healthcare providers, known as covered entities (CE), are now tasked with legal and regulatory challenges that are nothing short of a total paradigm shift in the way they used to do business. These regulations require enormous change to the culture of an organization, to its systems, and to how it processes all of the data it works with every day. It goes without saying that healthcare organizations must plan for and enact measures that comply with this paradigm shift.
With the passage of HIPAA and HITECH, healthcare providers not only manage the health of their patients; they also have the added responsibility of managing healthcare regulations, plus showing visible, demonstrable evidence that they are achieving this. They must also maintain their achievement once they have become compliant.
Achieve, Illustrate and Maintain Compliance
From personal experience, we can attest to this fact: achieving regulatory compliance, illustrating it to an auditor and maintaining it is costly and time consuming. There is no doubt about this. But non-compliance can prove even more costly if you ignore it and fail an audit.
Under the new HIPAA/HITECH Omnibus Rule, fines from the Office of Civil Rights (OCR) now range from $100.00 up to $1,500,000.00, depending on an organization's response to the auditor, who requires visible, demonstrable evidence of compliance.
DTS InfoTech Can Help
Many health care providers are not HIPAA compliant. If this describes you, we can help you Achieve compliance, Illustrate compliance to auditors and Maintain full compliance.
For more information: www.dtsinfotech.com/hipaa-compliance-for-small-health-care-practices-2/
Dedicated to your success,
General Manager and Compliance Officer
dts|infotech . . . computer networks that work