How do you convince management that Security Rule compliance is important?
HIM-HIPAA Insider, March 22, 2004
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Q: Is there a way to convince management that Security Rule compliance is just as important, if not more so, than Privacy and Transactions and Code Sets compliance?
A: As everyone is hearing more and more about hackers, viruses, and loss
of confidential information in the media, information security is finally
reaching the radar screens of lots of managers. Also, many managers are
seeing that protecting the information that the organization couldn't
survive without, is the logical thing to do and an all-around good way of
running a business.
In addition to these general statements, there are two main HIPAA-related
points you can make: 1) It's common knowledge, yet often overlooked, that it's technically impossible to achieve Privacy Rule compliance without
implementing many of the security measures outlined in the Security Rule,
and 2) With all the time, effort, and money that has been and will be
spent on Privacy and Transactions and Code Sets Rule compliance, why throw it all away by not properly securing PHI where it's most vulnerable?
Besides, the Security Rule is one of the three major parts of HIPAA
administrative simplification.
If you receive pushback or other concerns, simply treat those as requests
for more information. You don't want to bug them or overwhelm them, but
you can certainly run some security tests or find some of the answers
they're looking for and return with that information in hand. Remember,
with information security, knowledge is power (for you) and education is
key (for your upper managers).
Editor's note: Answered by Kevin Beaver, CISSP, a consultant with
Kennesaw, GA-based Principle Logic, LLC. This is not legal advice. Be sure to
consult with your facility's legal counsel for legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
-
Briefings on APCs
Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...
-
HIM Briefings
Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...
-
Briefings on Coding Compliance Strategies
Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...
-
Briefings on HIPAA
How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...
-
APCs Insider
This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- Practice the six rights of medication administration
- Note similarities and differences between HCPCS, CPT® codes
- ICD-10-CM coma, stroke codes require more specific documentation
- Q&A: Primary, principal, and secondary diagnoses
- Skills of effective case managers
- Prevent dehydration with nursing interventions
- Complications from immobility by body system
- OB services: Coding inside and outside of the package
- Know guidelines and subtle differences in code descriptions for laceration repairs
- E-mailed
-
- Trainer's tip: Restorative nursing versus rehabilitation
- Q&A: Unrelated surgical procedure DRGs
- Q&A: Monitoring contracted services
- News: Recently published Coding Clinic confirms some ICD-9 guidance still applicable
- Learn how to read an OP report
- Follow 72-hour and 24-hour rules
- CMS approves merger of HFAP with Accreditation Commission for Health Care
- Ask the expert: How often should your medical staff conduct OPPE?
- Searched
