From the Affordable Care Act to Enforcement of the HIPAA Omibus Final Rule, last year was a monumental, if not confounding year for the health care industry compliance officers. Many hope 2014 is a smoother year and less “dizzying,” according to a new report that snapshots their wishes for the coming year.
According to idexpertscorp.com, in 2013, there were over 100 HIPAA privacy breaches affecting 500 or more individuals reported to the Office for Civil Rights. The largest of the breach was at Horizon Blue Cross Blue Shield where a pair of laptops containing information for over 840,000 individuals was stolen. OCR also investigated at least dozens of organizations of potential violations under HIPAA.
With that said, it’s no surprise that compliance officers say they hope in order to better manage their current programs, security, compliance and privacy offers at the respective organizations that they need to have access to more training, more staff, increased budget, assistance with audits and compliance software to help with the spring of data breach laws. The findings mirror the analysis from the Ponemon Institute’s Third Annual Benchmark Study on Patience Privacy and Data Security, stating that most of healthcare organizations have insufficient resources, budget restraints and or have controls in place to minimize data breach incidents.
Those surveyed were also asked what they would change if they were given more control over their organization and legislation. Respondents said they would want more time to educate staff and strengthen their privacy programs, while others wanted auditing software that would monitor employee use of the Internet and record viewing. The requests aren’t surprising given the overhaul to health-care in the United States and increased responsibilities with the law.
One option many organizations utilizing to solve their ‘wish list’ for data security is IDExperts RADAR which is designed to address the issue privacy, security and compliance for efficiently managing incidents where there have been data breaches.
"My wish for my compliance peers is that they have a process and get a tool for managing incidents. RADAR takes the guess work out of risk assessments and helps us systematically review the incidents and stay compliant with the changing laws," said Dr. Cris V. Ewell, chief information security officer at Seattle Children's Hospital told the Sacramento Bee. "Our patients' health and well-being are of utmost importance to us. So is the security and privacy of their information."
For related stories, check out the following: