HIPAA Guard Herald - Your Monthly Newsletter on Surviving HIPAA

More documents

Recommendations

Info

MORE ON <strong>HIPAA</strong> <strong>Guard</strong> H E R A L D Interview with Regional General Hospital's Chief Privacy Officer Heather Thompson Question: What do you think is the most difficult part of your role? How are you able to overcome this difficulty and be successful in performing it? Heather: Adapting to the changing of laws and of course the ever-changing advance in technology. I adapt by continuing to educate myself and having the willingness to adapt to all the changes that may come. Also, by accepting and learning from all the challenges that come my way. Question: For the future Privacy officers out there or those who wish to traverse this career path, what is your advice for them to succeed in this role? Heather: To have good organization skills, judgement, problem-solving skills, communication skills, listening skills, and compassion for others. Also, to have a desire to continue to educate yourself and have the willingness to learn. Question: What do you think are some of the compliance issues facing your company? Heather: The technology in health care and our organization is continually changing and advancing. I believe that a lot of employees are used to the way things were, and have a hard time adapting to change. Technology can be very intimidating to those especially who have been working in their careers along time. Question: What are some of the weaknesses in your company’s compliance program? Heather: We have a new EMR System that our employees are still adapting to Question: And how are you now addressing these weaknesses? Heather: By continuing to educate the staff and by conducting surveillance and auditing of user access. Then, reporting these issues in our hospital monthly QA meetings so that all Department Managers are aware of our progress. ISSUE 07 June 2018 Question: Describe a project you had to finish with limited resources. How were you able to accomplish it? Heather: I have only been in The Privacy Officer role for a few months and although I have gone through some challenges with some <strong>HIPAA</strong> Breach investigations, I have not really had the opportunity to start a new project. If I had to start a project with limited resources, I would maintain a positive outlook and utilize my organizational skills to develop a plan. I would start by organizing my tasks from most important to least. If I saw that I could not complete a certain task on my own, I would ask for assistance from my peers at work and at <strong>HIPAA</strong> <strong>Guard</strong>. Question: Can you give us your top 3 reasons if you were asked why should a company or organization particularly in the Healthcare industry, have a privacy officer? Heather: First and most importantly, to protect and ensure patients’ rights and information. Second, to help maintain administrative and compliance requirements. Third, to keep your organizations employees educated on patient privacy and education of the advancement of security and other safeguards. Question: Can a healthcare organization afford not to have a privacy officer like in the case of rural hospitals? Can they opt not to have one for their organization? If yes, why and if no, why not? Heather: I believe an organization can’t afford to not have a Privacy Officer. Privacy is about respecting people, and people having trust. If a person does not trust someone, you may lose their relationship. In turn, a business such a small Rural Hospital, will loose patients due to lack of trust and respect. It can then lead to a bad reputation and moral of the organization. Question: How do you help create a culture of compliance for privacy and security of PHI and ePHI within your organization? Heather: I think a good way to create a good culture, is to give employees all the tools and resources of keeping up with knowledge and education. If we continue create a positive and creative way to educate employees… they will have a good understanding and feel comfortable with compliance. It becomes a natural habit of their work day, and not something they feel is a stressful challenge.
Interview with Regional General Hospital's Chief Privacy Officer Heather Thompson Question: We have been hearing about GDPR and how it will soon become a big player in the overall privacy and security of an individual’s personal data, how are you preparing for this upcoming change? How are you preparing your organization for this upcoming change? Heather: I have just recently been introduced to GDPR. I know it is the most recent change to data protection and its going to be a dramatic change in the way privacy is regulated. As for now, I am going to strengthen my knowledge with the resources I have…. which primarily consists of my association with <strong>HIPAA</strong> guard for my educational resources and support. We would like to thank Heather for giving us these informative insights about her role as Chief Privacy Officer. <strong>HIPAA</strong> <strong>Guard</strong> initiatives are and will always be focused on supporting the core team like Heather’s team in attaining full <strong>HIPAA</strong> and HITECH compliance. We will continuously strive to ensure everyone involved in operating your hospital and health system be fully committed to compliance. Our job becomes much easier if we have people like Heather who are dedicated to work with us as we work towards the same goals. Our Top 4 <strong>HIPAA</strong> Initiatives for this month of June all relates to the FIRST Technical Safeguard Standard of the <strong>HIPAA</strong> Administrative Simplification Security Rule i.e. ACCESS CONTROL. It has four implementation specifications: Encryption/Decryption Unique User Identification Emergency Access Automatic Log-Off ISSUE 07 June 2018
Page 1: HIPAA Guar
Page 5 and 6: Access Control: EMERGENCY ACCESS PR

HIPAA Guard Herald - Your Monthly Newsletter on Surviving HIPAA

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?