The breach notification rule will drive physician practices to improve their data security, says Robert Tennant, senior policy advisor at the Medical Group Management Association in Englewood, Colo.

Speaking at the Safeguarding Health Information conference in Washington, Tennant noted that the last thing a practice in a small town wants is to see their name in the newspaper because of a breach. In a panel discussion on the HIPAA security rule, Tennant offered several suggestions to federal officials:

* The Centers for Medicare and Medicaid Services several years ago wrote a seven-part series of security rule guidelines for non-technical personnel. Now, CMS should update and expand that series, and the Health and Human Services' Office for Civil Rights should write a similar series on breach notification issues.

* Federal agencies should increase public education of the breach, privacy and security rules with open door forums and conferences.

* The feds also should solicit voluntary audits of providers' information security programs with anonymous feedback reports given to the participating providers, but also using the reports to make lessons learned available to the public.

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access