How to convince your business decision-makers to establish and fund a budget for security and privacy
The following podcast is an excerpt from the webinar session presented by Eric Hummel of QIP and John Kornak of University of Maryland as they discuss how to convince your business decision-makers to establish and fund a budget for security and privacy.
Making the Case for your Security-Privacy Budget (1)
Leading security specialist Eric Hummel spends some time discussing basic fundamentals required for enacting an audit-ready risk management program. This podcast is the second in the series Getting a grip on HIPAA Risk Management. Eric is the lead architect for the HIPAA HITECH EXPRESS solution, which is currently being used across the healthcare community as a blueprint for success in implementing Security & Privacy controls required within HIPAA. “H2EXP Dialog R2”
The following podcast series is being delivered by the HIPAA HITECH EXPRESS team members. The series is intended to provide best practice information related to implementing a Risk Management program focused on the HIPAA Security & Privacy Rules. The contributors to this podcast series are members of the virtual security and privacy officers that consult with clients daily on fulfilling the requirements of an audit-ready HIPAA Risk Management program. The companies involved in the podcast series are KeySys Health and QIPSolutions. Together these organizations provide the HIPAA HITECH EXPRESS program. The first in the series is “Podcast on Low Hanging Fruit”.
Viewing one 8-minute YouTube interview with Dr. Eric Topol, author of “The Creative Destruction of Medicine,” is evidence enough that the sand beneath the healthcare world we grew up in has shifted as dramatically as though a tsunami were sweeping it along.
The reality is that wearable and embedded digital devices used to measure every sign and sense in our bodies are already in the marketplace:
- Devices to measure every vital sign and transmit results to your smartphone
- Devices to perform continuous glucose monitoring without sticking your finger
- Handheld genome mapping devices that can assure the patient will not have a negative reaction to a drug
- Cardiogram application for the smartphone so the patient can see their own heart rhythms and forward results to their doctor if needed.
We have already moved to an electronic and digital world. Patients, not the government or any incentive programs, will be the catalyst for more rapid acceptance of digital solutions in the physician office. Although the timeline for adoption of new evidence-based treatment protocols and the use of digital records by physicians has been disturbingly slow, the ease with which their patients adopt new digital technologies to manage their own health will force the move to the new electronic paradigm.
What has escalated exponentially is the need to secure the myriad digital devices that are already in use by both physicians and patients (smartphones, iPads, tablets, etc.). The wave of adoption of handheld digital technologies to deliver better patient care must not be discouraged, but embraced and managed as safely as any other resources used in healthcare delivery. You may be surprised to know where and how the new technologies are already being used in your organization. The goal should be to create policies and procedures to assure the safe creation and transmission of the personal health information generated by them, and not to simply fight the digital wave.
The HIPAA HITECH EXPRESS team can assist you in ensuring the privacy and security of patient health information (PHI) while ensuring overall patient care is not compromised for your institution. The HIPAA HITECH EXPRESS solution guides you through the risk remediation process, saving time, money, and reducing threat risk. Our approach focuses on the establishment of repeatable, consistent enterprise-wide behaviors, not just quick-fix online checklists and document templates that leave many people asking themselves: What do I do now?
By focusing on understanding What’s Important, not a Big Bang approach, we reduce the time necessary to address critical PHI security and privacy issues. We’ve developed a unique guided software approach with step-by-step work plans, with “what to do’s” at every turn. We offer a comprehensive library of simplified policy, procedure, and plan templates that accelerate the learning and implementation process. Our best practice data analysis and proven organizational security compliance expertise leverage lessons learned and comparison benchmarks.
HIPAA HITECH EXPRESS Team
The HIPAA HITECH EXPRESS team assists you in attaining HIPAA security and privacy rule compliance as you implement a secure security and privacy environment. Our Virtual Security and Privacy Team works with you to identify your compliance needs within HIPAA Security and Privacy Rule requirements, determine gaps and prioritize mitigation activities, and perform corrective actions.
We can guide and QA you, or provide as much hands-on support as required. Either way, the result is a secure, auditable and protected environment that is ready to continuously manage and monitor.