Health Information Management: A Look at 2017 and Predictions for 2018

By Rita Bowen, VP, Privacy, Compliance and HIM Policy for MRO
Twitter: @MROCorp

As we enter 2018, health information management (HIM) and compliance professionals have the opportunity to reflect on healthcare privacy and security in 2017, look at lessons learned, and make predictions as to what’s next.

In 2017, there were many natural disasters that took center stage and continue to play a role in healthcare— for example, disaster waivers. We also saw the defunding of ONC’s Chief Privacy Officer position. In addition to that, data security and breach notification issues grabbed headlines. I go more into detail on these items and offer predictions for 2018 in an InterviewsNOW podcast, which you can listen to below.

Health Information Management Best Practices
During 2017, data security and breach notification issues grabbed the headlines, and the Office for Civil Rights (OCR) was one of the most active regulators. Health Information Management (HIM) leaders can learn lessons from last year’s enforcement actions and apply the following best practices in 2018:

1) Know Where Your Risks Are
Knowing that cyber risk security issues are still out there, your organization needs to be aware of them, so you are able to respond and prepare for those types of attacks. Your organization should make sure to spend enough on cyber security, so that your IT department is better able to respond and act on attacks.

2) Educate and Train Employees
For a good percentage of these security and breach notification issues, there is a human factor involved. Knowledge is power. Training and educating your employees should be part of your organization’s due diligence. Employees need to know what they can and cannot click on and they also need to understand the type of phishing episodes that can occur. Another reason why this is important is because now at many organizations, employees bring their own devices into work. The due diligence with this has grown because with more and more things getting connected, the bigger the risk is for a breach.

3) Update System Patches
Validate that your IT team is current with software updates and patches to assure the latest security enhancements are applied to protect the data.

4) Look at Policies and Procedures
Make sure your organization has up to date policies and procedures. It is important to do internal auditing to make sure your employees understand and follow these policies and procedures. If you come across weaknesses during your internal auditing, be sure to address them as well.

OCR Wall of Shame Facelift, Intelligent Apps and Analytics
Now, more than ever, is the time to get your breach prevention and compliance measures in order, because the OCR wall of shame may get a facelift in 2018. The facelift could allow you to link over and see who also is involved from a Business Associate standpoint. I personally think the facelift could help people with their due diligence and reviews.

More things to look at in 2018 include intelligent apps and analytics. With all the new and advanced devices today, personal health information is much easier to track now. Once that tracked information becomes shared, it could become part of your doctor’s diagnostic tool kit. I think the availability of health data, if used correctly, could help the world become a better place.

This article was originally published on the MRO Blog and is republished here with permission.