How do you convince management that Security Rule compliance is important?
HIM-HIPAA Insider, March 22, 2004
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Q: Is there a way to convince management that Security Rule compliance is just as important, if not more so, than Privacy and Transactions and Code Sets compliance?
A: As everyone is hearing more and more about hackers, viruses, and loss
of confidential information in the media, information security is finally
reaching the radar screens of lots of managers. Also, many managers are
seeing that protecting the information that the organization couldn't
survive without, is the logical thing to do and an all-around good way of
running a business.
In addition to these general statements, there are two main HIPAA-related
points you can make: 1) It's common knowledge, yet often overlooked, that it's technically impossible to achieve Privacy Rule compliance without
implementing many of the security measures outlined in the Security Rule,
and 2) With all the time, effort, and money that has been and will be
spent on Privacy and Transactions and Code Sets Rule compliance, why throw it all away by not properly securing PHI where it's most vulnerable?
Besides, the Security Rule is one of the three major parts of HIPAA
administrative simplification.
If you receive pushback or other concerns, simply treat those as requests
for more information. You don't want to bug them or overwhelm them, but
you can certainly run some security tests or find some of the answers
they're looking for and return with that information in hand. Remember,
with information security, knowledge is power (for you) and education is
key (for your upper managers).
Editor's note: Answered by Kevin Beaver, CISSP, a consultant with
Kennesaw, GA-based Principle Logic, LLC. This is not legal advice. Be sure to
consult with your facility's legal counsel for legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
-
Briefings on APCs
Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...
-
HIM Briefings
Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...
-
Briefings on Coding Compliance Strategies
Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...
-
Briefings on HIPAA
How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...
-
APCs Insider
This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...
Most Popular
- Articles
-
- Don’t forget the three checks in medication administration
- Differentiate between types of wound debridement
- Note similarities and differences between HCPCS, CPT® codes
- OB services: Coding inside and outside of the package
- Know guidelines and subtle differences in code descriptions for laceration repairs
- What to include on the incident report
- Practice the six rights of medication administration
- Complications from immobility by body system
- FREE Tool: Conflict Resolution Worksheet
- Executive Briefings: Joint Commission Surveyor Focus Remains on EC, LSC, Ligature Risks
- E-mailed
-
- Expect door repairs to take time as CMS re-quirements create backlog of parts
- Executive Briefings: Joint Commission Surveyor Focus Remains on EC, LSC, Ligature Risks
- Survey: Number of GME programs, residents continue to rise
- I've been there, I know the way: More Executive Briefings goodness
- ICD-10-CM coma, stroke codes require more specific documentation
- FDA warning on surgical fires
- Ensure coding accuracy by following rules for selecting a principal diagnosis
- Don’t forget the three checks in medication administration
- Dig into the details of wound care documentation
- Coding Clinic for CDI:Reassessing debridement documentation
- Searched