How Safe is Your Outsourced Protected Health Information?
Healthcare organizations obviously have protected health information within their walls, but they often have a lot of it outside the walls, in the control of their business associates.
Healthcare organizations obviously have protected health information within their walls, but they often have a lot of it outside the walls, in the control of their business associates.
Consequently, its no longer clear where your walls are, says John Christiansen, founder of Christiansen IT Law in Seattle. During a session at HIMSS 15, Christiansen will speak about off-shore development work, using data hosting services and other outside organizations that have your patients personal health information (PHI).
Dont think your attorney can do everything for you. As far as the world is concerned, you are responsible for [the security of patients PHI], Christiansen warns. I can help with legal strategies to minimize and avoid trouble. But you need to look at your policies in the view that you will be responsible. The public and regulators will look at you for accountability.
With 30 years of experience, hes seen many instances where a covered entity wasnt really managing outsourcing well enough to know who has the entitys PHI and if business associates and subcontractors are being properly managed.
Organizations must conduct due diligence on their vendors, but they must dig even deeper with offshore vendors, who may not have the same level of security concerns, Christiansen counsels. When moving PHI off-shore, Dont muddle through; have a strategy, he adds. You need to go in with your eyes open.
Attorneys Kathryn Coburn of Cooke Kobrick & Wu in Santa Monica, Calif., and Amy Leopard of Bradley Arant Boult Cummings in Nashville, Tenn., also will present during session 4, Identifying the Enemies within the Gates--Do You Know Whos in Your System? The session is scheduled on April 13 at 10 a.m. in Room W194.
Consequently, its no longer clear where your walls are, says John Christiansen, founder of Christiansen IT Law in Seattle. During a session at HIMSS 15, Christiansen will speak about off-shore development work, using data hosting services and other outside organizations that have your patients personal health information (PHI).
Dont think your attorney can do everything for you. As far as the world is concerned, you are responsible for [the security of patients PHI], Christiansen warns. I can help with legal strategies to minimize and avoid trouble. But you need to look at your policies in the view that you will be responsible. The public and regulators will look at you for accountability.
With 30 years of experience, hes seen many instances where a covered entity wasnt really managing outsourcing well enough to know who has the entitys PHI and if business associates and subcontractors are being properly managed.
Organizations must conduct due diligence on their vendors, but they must dig even deeper with offshore vendors, who may not have the same level of security concerns, Christiansen counsels. When moving PHI off-shore, Dont muddle through; have a strategy, he adds. You need to go in with your eyes open.
Attorneys Kathryn Coburn of Cooke Kobrick & Wu in Santa Monica, Calif., and Amy Leopard of Bradley Arant Boult Cummings in Nashville, Tenn., also will present during session 4, Identifying the Enemies within the Gates--Do You Know Whos in Your System? The session is scheduled on April 13 at 10 a.m. in Room W194.
More for you
Loading data for hdm_tax_topic #better-outcomes...