There's a lot of talk this week about IT security and how health care organizations are managing it. Search Health IT reported that technology, IT staffing and budgets tend to lag in health care organizations, and Information Week describes HIPAA compliance as an IT "crisis." But there are bright spots -- despite budgets lagging. For example Search Health IT reported that data security is improving because of increased compliance.
This week's HIPAA Compliance News Roundup brings you the latest information on how health care organizations are using IT to handle HIPAA requirements and other modern challenges.
Health Data Security Improves Despite IT Lagging Behind Other Sectors from Search Health IT: “Healthcare provider chief information officers charged with HIPAA health data security compliance might have a sinking feeling that they can't stop informal data sharing between employees using personal mobile devices; they can only hope to contain it through policies and technologies. DataMotion, a security software vendor that caters to many market sectors, backs up that sinking feeling with raw numbers in its second annual survey of IT and business decision makers exploring email and file-transfer security protocols. Three in four respondents confessed to routinely or occasionally violating file-transfer policies. Of the more than 400 respondents, 37% came from healthcare. DataMotion Chief Technology Officer and co-founder Bob Janacek said that, compared to sectors such as financial services, healthcare lags behind in IT technology, staffing and budgets. But data security, largely driven by HIPAA compliance and business need, is matching or exceeding those other markets.”
HIPAA, SOX & PCI: The Coming Compliance Crisis in IT Security from Information Week: “Organizations of all sizes should be concerned with a staggering increase in audit and compliance demands in the coming year. Standards such as PCI, HIPAA, and SOX will continue to receive heightened awareness, while high-profile breaches will encourage corporate boards and internal audit committees to turn up their focus on security and conduct their own audits and compliance reviews. Not only will the volume of these demands stress the bandwidth of security staff already tasked with 24x7 network protection, but businesses will also be challenged to provide adequate security assurance for an increasingly complex IT infrastructure. Capturing log information and setting up analytics capabilities will become even more important for demonstrating compliance.”
HIPAA, ICD-10 Among 6 Compliance Trends that will Affect You in 2014 from Mondaq: “The Office for Civil Rights (OCR) has stated that it will aggressively enforce HIPAA, especially since the rule implementing much of the HITECH Act went into effect September 23. This increase in enforcement coincides with the jump in mobile device use, electronic health record adoption and online scheduling, which will cause digital patient data to be less secure since providers will have less control over it, warns Kline. Complying with HIPAA is increasingly being used as a best practice in state courts, and patients are winning damages. ‘People [will] learn that they can sue [for privacy and security breaches]. This area is growing,’ Kline notes.”
Three Emerging Tech Tools Affecting Healthcare from Forbes: “Of course, the use of mobile technology carries risk, especially when it comes to sensitive applications such as healthcare. And healthcare organizations must also consider how the use of mobile technology affects regulatory (especially HIPAA) compliance. This can be complicated when combined with security issues related to cloud computing. Any organization that seeks to leverage mobile and cloud technology for its patients and employees must take great care to ensure that security, privacy and regulatory concerns are being addressed. This requires input from all stakeholders across the organization. For many organizations, the use of an outsourced IT provider can provide a level of expertise and protection that they can’t afford not to have.”
5 Pieces of Advice for the new National Coordinator for Healthcare Information Technology from MedCity News: “Karen DeSalvo started as the new National Coordinator for Healthcare Information Technology on Jan. 13, 2014. After my brief discussion with her last week, I can already tell she's a good listener, aware of the issues, and is passionate about using healthcare IT as a tool to improve population health. She is a cheerleader for IT, not an informatics expert. She'll rely on others to help with the IT details, and that's appropriate.”
If you need more information about HIPAA compliance and how IT can help your health care organization get it right, watch our recent webinar "HIPAA Risk Assessments: What You Need to Know," or contact us for help.
Logan Solutions is the health care technology company with a clinician's perspective. We provide clinical documentation expertise to customers using Dragon Medical with eClinicalWorks and other electronic medical record systems. Contact us to learn how our clinical and technological expertise can help your practice with Dragon Medical software and training, HIPAA compliance tools and EMR consulting.