Health Information Management

How do you convince management that Security Rule compliance is important?

HIM-HIPAA Insider, March 22, 2004

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Q: Is there a way to convince management that Security Rule compliance is just as important, if not more so, than Privacy and Transactions and Code Sets compliance?

A: As everyone is hearing more and more about hackers, viruses, and loss
of confidential information in the media, information security is finally
reaching the radar screens of lots of managers.  Also, many managers are
seeing that protecting the information that the organization couldn't
survive without, is the logical thing to do and an all-around good way of
running a business.

In addition to these general statements, there are two main HIPAA-related
points you can make: 1) It's common knowledge, yet often overlooked, that it's technically impossible to achieve Privacy Rule compliance without
implementing many of the security measures outlined in the Security Rule,
and 2) With all the time, effort, and money that has been and will be
spent on Privacy and Transactions and Code Sets Rule compliance, why throw it all away by not properly securing PHI where it's most vulnerable?
Besides, the Security Rule is one of the three major parts of HIPAA
administrative simplification.

If you receive pushback or other concerns, simply treat those as requests
for more information.  You don't want to bug them or overwhelm them, but
you can certainly run some security tests or find some of the answers
they're looking for and return with that information in hand.  Remember,
with information security, knowledge is power (for you) and education is
key (for your upper managers).

Editor's note: Answered by Kevin Beaver, CISSP, a consultant with
Kennesaw, GA-based Principle Logic, LLC. This is not legal advice. Be sure to
consult with your facility's legal counsel for legal matters.


Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular