AHIMA Advantage - AHIMA Body of Knowledge - American Health ...

▷ PRIVACY, SECURITY UPDATEHealthcare Privacy: Are You Ready for 2012?Healthcare organizations and providers will need todedicate more time to privacy and security efforts in2012. Health information technology has tremendouspotential to explode in the coming year, resulting in increasedexchanges of health information which can potentially poserisks to privacy. Privacy and security standards can no longer beignored. They will stand in the way of system implementations andsystem usage. The lack of trust in a system will only delay realizingthe full benefits of an integrated electronic health record (EHR).Though the Health Insurance Portability and Accountability Act(HIPAA) was enacted 15 years ago, it remains one of the hottesttopics in healthcare today. Passed to develop public assurancethat personal health information would remain secure andconfidential, HIPAA is still considered only the floor for federalprivacy protections. In the news today, a barrage of storiesrecounting breaches of health records, inappropriate access, andloss of laptops and other mobile devices have kept providers,organizations, and consumers alike poised on the edge.The Role of HIM ProfessionalsNow is the time for HIM professionals to step to the front of theline and provide the leadership and guidance needed to enactand consistently ensure patient privacy and security policiesand procedures in their facilities and communities are enforcedand in place. Building and maintaining trust in the EHR andinformation sharing will be critical in the coming year. Whilethe industry anxiously awaits the modifications to the HIPAAprivacy and security regulations enacted by the HITECH Act,the need for continued vigilance has not diminished. Theabsence of clear guidance on some of these issues has led manyto develop a “wait and see” approach.Prepare Yourself NowIt is too late to wait and see, or hope that the final regulationswill be postponed. Health IT adoption continues to grow asorganizations seek monetary incentives under meaningful usecriteria. The growth will only continue, thus continuing the needfor information sharing and stopping potential risks to privacy.Here are just a few items to be prepared for this year:• Use of mobile devices to collect, store and maintain healthinformation—Have you taken steps to adequately secure andprotect these devices and the information contained withinthem?• Increased litigation—2011 brought several class actionlawsuits for failure to protect health information. 2012 isexpected to continue this trend, and whether you win or losethe cost of these lawsuits create a significant risk to healthcareorganizations. Are you ready for privacy litigation? Have youconsulted with your legal counsel?• Use of social media—As more organizations use social mediato interact and communicate with patients, the potential to usethis media incorrectly can pose risks to the organization. Doesyour organization have clearly defined policies and proceduressetting the expectation for safer social media practices?• Business associates—Business associates are now responsiblefor complying with the HIPAA privacy and security rules, andeconomic conditions have forced some to outsource many oftheir functions. Are you confident your business associates arefully compliant with the current rules, and how quickly theywill notify you of a breach?• Willful neglect—OCR will continue to investigate privacy andsecurity complaints, and many expect these investigations tobecome more aggressive in 2012. As willful neglect is furtherdefined, expect harsher penalties and financial settlements tofollow. Have you defined willful neglect in your organization?• Training—Privacy and security trends continue to bepublished by various groups. Often the results are shocking.Some breaches are caused by basic failure to educate staff. Areyou educating your staff on privacy and security? Does thetraining change based on industry trends?• Audits—Under the HITECH Act, the monitoring andenforcement of privacy and security rules compliance isstrengthened. Organizations will be picked at randomto be audited for their level of compliance inmeeting privacy and security requirements. Is yourorganization prepared for an audit?Healthcare privacy and security is moreimportant than ever. The industry is in the midstof multiple major transformation initiativessuch as ICD-10, health information exchange,meaningful use, and the long awaited privacy andsecurity final rules under the HITECH Act. Staying on topof the multiple priorities can be accomplished, but it is not aneasy task. Are you ready? v14 ▷ PAGEAHIMA ADVANTAGE