HIPAA Guard Herald - Your Monthly Newsletter on Surviving HIPAA

MORE ON <strong>HIPAA</strong> <strong>Guard</strong> H E R A L D
Interview with
Regional General Hospital's
Chief Privacy Officer
Heather Thompson
Question: What do you think is
the most difficult part of your
role? How are you able to
overcome this difficulty and be
successful in performing it?
Heather: Adapting to the
changing of laws and of course
the ever-changing advance in
technology. I adapt by continuing
to educate myself and having the
willingness to adapt to all the
changes that may come. Also, by
accepting and learning from all
the challenges that come my
way.
Question: For the future Privacy
officers out there or those who
wish to traverse this career path,
what is your advice for them to
succeed in this role?
Heather: To have good
organization skills, judgement,
problem-solving
skills,
communication skills, listening
skills, and compassion for
others. Also, to have a desire to
continue to educate yourself and
have the willingness to learn.
Question: What do you think are
some of the compliance issues
facing your company?
Heather: The technology in health
care and our organization is
continually changing and advancing.
I believe that a lot of employees are
used to the way things were, and
have a hard time adapting to
change. Technology can be very
intimidating to those especially who
have been working in their careers
along time.
Question: What are some of the
weaknesses in your company’s
compliance program?
Heather: We have a new EMR
System that our employees are still
adapting to
Question: And how are you now
addressing these weaknesses?
Heather: By continuing to educate
the staff and by conducting
surveillance and auditing of user
access. Then, reporting these issues
in our hospital monthly QA meetings
so that all Department Managers
are aware of our progress.
ISSUE 07
June 2018
Question: Describe a project you
had to finish with limited resources.
How were you able to accomplish it?
Heather: I have only been in The
Privacy Officer role for a few months
and although I have gone through
some challenges with some <strong>HIPAA</strong>
Breach investigations, I have not
really had the opportunity to start a
new project. If I had to start a
project with limited resources, I
would maintain a positive outlook
and utilize my organizational skills
to develop a plan. I would start by
organizing my tasks from most
important to least. If I saw that I
could not complete a certain task on
my own, I would ask for assistance
from my peers at work and at <strong>HIPAA</strong>
<strong>Guard</strong>.
Question: Can you give us your top 3
reasons if you were asked why
should a company or organization
particularly in the Healthcare
industry, have a privacy officer?
Heather: First and most importantly,
to protect and ensure patients’
rights and information. Second, to
help maintain administrative and
compliance requirements. Third, to
keep your organizations employees
educated on patient privacy and
education of the advancement of
security and other safeguards.
Question: Can a healthcare
organization afford not to have a
privacy officer like in the case of
rural hospitals? Can they opt not to
have one for their organization? If
yes, why and if no, why not?
Heather: I believe an organization
can’t afford to not have a Privacy
Officer. Privacy is about respecting
people, and people having trust. If a
person does not trust someone, you
may lose their relationship. In turn,
a business such a small Rural
Hospital, will loose patients due to
lack of trust and respect. It can then
lead to a bad reputation and moral
of the organization.
Question: How do you help create a
culture of compliance for privacy
and security of PHI and ePHI within
your organization?
Heather: I think a good way to create
a good culture, is to give employees
all the tools and resources of
keeping up with knowledge and
education. If we continue create a
positive and creative way to educate
employees… they will have a good
understanding and feel comfortable
with compliance. It becomes a
natural habit of their work day, and
not something they feel is a
stressful challenge.