By now it’s a well-trodden cliché to say that even essentially the most stringent compliance with HIPAA doesn’t imply delicate well being knowledge is definitely safe – however what about an inverse of kinds?
That being the concept strong security may be remodeled into good regulatory compliance.
“Good security is not enough to demonstrate HIPAA compliance,” mentioned Adam Greene, Partner on the regulation agency Davis Wright Tremaine. “Even very mature information security programs are often lacking documentation that the primary regulator is expecting.”
It’s not a wholly unusual scenario for hospitals to be in, both. Greene mentioned that’s as a result of information security retailers and compliance groups typically usually are not aligned intently sufficient to make it occur.
“The challenge I often see is that compliance and information security are in separate silos. Information security professionals are really good at information security, but have not received education on what regulators are seeking to demonstrate compliance,” Greene mentioned. “Compliance staff may be better at understanding how to demonstrate compliance, but may not feel like they have the competence or authority to bring their compliance skills to the information security side of the house.”
Given that situation, how can hospital and healthcare executives bridge that chasm to make sure that information security groups and compliance efforts function in lockstep to serve each functions?
“It is a combination of documenting your security efforts in a way that will enable you to get credit for everything positive that you have done, ensuring that your risk assessment is consistent with the regulator’s ideas, which may differ significantly from many information security professional’s preferred approach, and understanding the level of detail that the regulator expects to see in policies and procedures,” Greene mentioned.
Greene is scheduled to talk at HIMSS19 throughout a session titled “Turning Good Information Security Into Good HIPAA Compliance,” on Wednesday, February 13, from 11:30-12:30 p.m. in room W320.
Email the author: firstname.lastname@example.org
Healthcare IT News is a HIMSS Media publication.