The lingering fears of privacy officers

Whether it’s an incident or a full-fledged breach, privacy officers have plenty to worry about in healthcare organizations.


Healthcare privacy officers know what keeps them up at night. It’s worrying, says Angela Rose, director of HIM practice excellence at the American Health Information Management Association and a former privacy officer.

Are systems secure? Could we do more? “That’s the fear; waking up in the morning and your organization is the victim of a cyber attack,” she’ll tell attendees of the Cybersecurity Symposium at HIMSS16 on February 29.

Rose says she’ll be talking to “those who should be listening to privacy officers.” She’ll explain what is and is not a breach. A breach means harm or the potential for harm as protected health information is no longer under control. But there also can be “incidents,” which are not necessarily a breach, but still must be investigated. For example, someone conducting a walk-through audit of assets may find old CDs lying around. This isn’t necessarily a violation that would result in a breach, because they haven’t gone anywhere. Or an employee may look at his or her own medical record. That’s an incident, not a violation, but if an employee looks at others’ records without authorization and good reason, that’s a breach.

But the bulk of her talk will be on the fear that always lurks and what those who aren’t privacy officers need to know. Where are our gaps? Have we identified all our threats? If the HHS Office for Civil Rights shows up, will we be ready? Are we releasing the information that we legally can and should release?

But all the questions will never be fully answered, she believes. Privacy and security officers can do all the due diligence, collaborate with the IT department, make sure the workforce is educated on protecting patient information, and there still will be that chance of a breach.

So the key is to make sure efforts to protect patient information are made in good faith and the organization is as ready as it can be, Rose says. “As long as you are dotting all the I’s and checking off your lists, that’s the best you can do.”

Session CS3, “What Keeps Privacy Officers Up at Night,” is scheduled at 10:45 a.m. in Lando 4205.
