CSC has released a new white paper titled Doing it Right: Getting a Jump on Privacy and Security. The six-page PDF document encourages health care providers to begin changing their approach to the privacy and security of personal health information in advance of the coming changes to the HIPAA Privacy and Security Rules.
The white paper makes the case that, with more data to protect than ever before, providers need to place an even greater emphasis on security.
A recent survey has shown that patients do not believe digital health information can remain secure. Without patient trust, the next generation of care delivery, including the use of Electronic Health Records, will be resisted by the patient population.
The white paper suggests a number of steps providers should take to get ahead of the coming changes to the privacy and security rules, including the need to:
· Establish a Chief Privacy Officer (CPO). Key duties of the CPO should include monitoring information systems, establishing and revising policies and procedures, and providing training.
· Conduct a security risk assessment before you get the audit notice. Look at every system and process, and document every decision you make, including reasons for addressing or not addressing a particular risk.
· Make risk identification and mitigation subject to continuous improvement. Software patches and updates should be applied on a regular basis, and every new system implemented should include a risk review and audit.
· Expand your purview to include mobile devices and social media. Do not assume that employees know how to apply existing rules about privacy and security to new devices and new forms of media.
The CSC white paper goes into much more detail on those and other suggestions for firming up provider security. If you deal with personal health information, this is something you should consider reading.