HIPAA Final Rule Raises Fines for Non-Compliance
Action steps for C-Suite
Though enforcement will not come until the fall, CEOs must know the changes will require actions that go beyond the simple checklist approach to compliance that has been par for the course over the past several years, Herold says.
"Those responsible for compliance must be able to implement, and maintain, controls that will fit the organizational environment, and that will be incorporated into every-day work activities," she adds.
Healthcare leaders, she says, should consider the following compliance action steps:
- Support more training, and significantly more ongoing awareness communications than most CEs and BAs currently are providing
- Encourage more oversight of BAs. This means better tracking of the BAs.
- Update the organization's breach-response plans. The rule eliminates the "harm threshold" provision, which allowed covered entities and business associates to avoid breach notification if they determined themselves a breach would not cause harm to an individual. HHS now calls for covered entities and BAs to assess the probability that the PHI has been compromised instead of assessing the risk of harm to the individual.
- Establish a way to monitor compliance and risks on an ongoing basis, along with metrics/statistics, to most quickly identify when problems areas with regard to security and privacy emerge
- Implement better PHI safeguards by CEs and all others (BAs and their subcontractors) which will lead to fewer breaches and also help to ensure more accurate PHI
- Assign a person/team responsibility for doing a gap analysis between current practices and the new requirements
- Identify all BAs and make sure they know the new requirements, and provide some type of evidence to demonstrate their compliance activities
- Plan to provide an awareness communication about the upcoming changes to personnel as soon as possible, and then plan a training session with all personnel sometime in the near term (e.g., within the next month or two; by the March 25 effective date would be ideal).
- Implement ongoing compliance monitoring actions, with associated metrics.
- CEO Exchange: Preparing for Population Health
- Advocate, NorthShore Deal Would Create 16-Hospital System
- Interventional Radiology No Longer a Sub-Specialty
- Top Reason for Nurse Turnover: Managers
- CEO Exchange: Pressure is On to Partner, Drive Quality
- Power of price: In South FL and the nation, healthcare costs often are shrouded in secrecy
- Two NY hospitals to offer free hip and knee replacement surgeries for qualifying patients in December
- Hospital mergers may lead to higher prices
- Healthcare data of 1 million NJ patients compromised since 2009
- 3 Strategies for Retaining Millennial Employees