Healthcare Security and Privacy Pros Wish for A Compliance Fairy To Aid with Regulatory Woes in 2014

Jan 08, 2014, 09:00 ET from ID Experts

PORTLAND, Ore., Jan. 8, 2014  /PRNewswire/ -- 2013 was a dizzying year for healthcare compliance: the Affordable Care Act, enforcement of the HIPAA Omnibus Final Rule, and ongoing investigations by the Office for Civil Rights (OCR). ID Experts asked healthcare compliance, privacy, and security officers to share their predictions and wish lists for a smoother, more compliant 2014. Predictions:

  • Increased reporting and government enforcement of privacy and security rules.
  • More work, higher expectations and no new staff.
  • Auditing will intensify.
  • More regulations, not new ones. [We'll see] many CEOs and board members resigning because of the new accountability. Compliance officers will be on their own.

Budget, staff, training, audit help, and software top compliance, privacy, and security officers' wish lists to better manage current programs (complete list here):

  • The compliance fairy sprinkling compliance dust and all employees follow the rules. If they don't, they would disappear.
  • More staff, proactive access audit software.
  • More training; more resources to fund audit trips.
  • A new position to be funded: someone to develop privacy training, be the first contact for questions, and assist in the review and investigation of complaints.
  • A best practices, state-of-the-art, compliance tracking system.
  • I wish every audit could be done by an external company.
  • Time to be more proactive and more time to focus on education, monitoring, and overall bolstering of the privacy program.
  • Monitoring software to be installed to audit all employees for inappropriate record viewing and monitoring usage of the non-work related Internet websites.
  • Less government rules, more care for the patients.
  • Designated full-time compliance liaison staff at all sites throughout the state.

Maybe There Is a Compliance Fairy

Healthcare organizations turn to "compliance fairy" ID Experts and RADAR™ 3.0 for incident management and compliance.

"My wish for my compliance peers is that they have a process and get a tool for managing incidents. RADAR takes the guess work out of risk assessments and helps us systematically review the incidents and stay compliant with the changing laws," said Dr. Cris V. Ewell, chief information security officer at Seattle Children's Hospital. "Our patients' health and well-being are of utmost importance to us. So is the security and privacy of their information."