What healthcare security and privacy pros wish for
2013 proved to be a dizzying year for healthcare compliance, privacy, and information security: the Affordable Care Act, enforcement of the HIPAA Omnibus Final Rule, and ongoing investigations by the Office for Civil Rights (OCR). Not to mention the need for ongoing risk and incident management, C-Suite communication, managing business associates, breach notification, and investigations by the Office for Civil Rights (OCR).
ID Experts asked healthcare compliance, privacy, and information security officers to share their predictions and provide their wish lists for a smoother and more compliant 2014.
In order to better manage their current programs, security, compliance and privacy officers at healthcare organizations are requesting five things: more training, more staff, increased budget, help with audits, and compliance software to help with the avalanche of data breach laws.
This parallels the findings from the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security, stating that the majority of healthcare organizations have insufficient resources, budget, or controls in place to minimize data breach incidents.
If I had more budget, I’d wish for:
- The compliance fairy sprinkling compliance dust and all employees follow the rules. If they don’t, they would disappear.
- More staff, proactive access audit software
- More training; more resources to fund audit trips.”
- A new position to be funded: someone to develop privacy training, be the first contact for questions, and assist in the review and investigation of complaints.
- A best practices, state-of-the-art, compliance tracking system.
- I wish every audit could be done by an external company.
- Internal auditors and a person dedicated to subcontractor oversight activities.
- More staff to help with all the rules and regulations, and write policies.
- The best software available to audit for inappropriate record access.
If I had more control, I’d wish for:
- Time to be more proactive and more time to focus on education, monitoring, and overall bolstering of the privacy program.
- Have no healthcare, privacy or security laws and regulations change for the next five years.
- Monitoring software to be installed to audit all employees for inappropriate record viewing and monitoring usage of the non-work related Internet websites.
- Less government rules, more care for the patients.
- Designated full-time compliance liaison staff at all sites throughout the state.
- Increased reporting, and government (state and federal) enforcement of privacy and security rules.
What lies ahead may require more than a compliance fairy to handle the expected: increased reporting and intensified auditing, more state and federal enforcement of privacy, security and breach rules, and the resignation of executives because of the new accountability requirements.