Tip: Consider outsourcing parts of your information security program
HIPAA Weekly Advisor, September 11, 2003
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
It may be hard to convince some people, but information security in health care isn't very specific to health care, says Tom Grove, vice president at Phoenix Health Systems in Montgomery Village, MD.
"The biggest difference between information security in health care and other industries, from a technical perspective anyway, is that health care professionals think there is one. Health care is clearly different operationally, but the technical aspects are indistinguishable," he says.
There are few differences among industries, but the health care industry is behind others, says Grove. "We brought HIPAA on ourselves. As an industry, had we been more attuned with these things we should have been doing anyway, we probably wouldn't have these rules now," he says. "Everything HIPAA asks us to do was a good idea 10 years ago, five years ago, and is today."
Outsourcing could be the answer for organizations that lack the technical expertise needed to effectively carry out some or all of the security rule's requirements, says Grove. Hiring an outside consultant or company to handle various aspects of your program could actually save your organization time and money, he says.
"One of the problems with training a staff member on things like firewall management or intrusion detection is, as soon as that person is an expert, he or she will have a very marketable skill and may leave for another job" says Grove. "Then you have to start all over again," and it can be hard to recruit people, he adds.
Many information security people want something more rewarding, he says. "There are more exciting, better paying opportunities out there." Many health care organizations pay lower salaries than other organizations, and it can also be a frustrating environment, says Grove. "In a hospital, it's always a difficult balance. [You might say,] 'I want to tighten this security, but it's going to make things more difficult for the physicians.' And the top management doesn't always understand why things need to be done."
Go to http://www.himinfo.com/news/asktheexpert/ to read more.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- Identify potential Medicaid RAC target areas
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched