Get upper management on board with the security rule
HIPAA Weekly Advisor, April 26, 2004
Q: Is there a way to convince management that security-rule compliance is just as important as--if not more so than--privacy and transactions and code sets compliance?
A: Luckily, increased media coverage on hackers, viruses, and loss of confidential information is helping information security reach managers' radar screens. Also, many managers are seeing that protecting the information an organization couldn't survive without is the logical thing to do, and an all-around good way of running a business.
In addition to these general statements, there are two main HIPAA-related points you can make to managers who may still be hesitant:
* It's common knowledge--yet often overlooked--that it's technically impossible to achieve privacy-rule compliance without implementing many of the security measures outlined in the security rule.
* With all the time, effort, and money that has been and will be spent on privacy and transactions and code sets rule compliance, why throw it all away by not properly securing PHI where it's most vulnerable? Besides, the security rule is one of the three major parts of HIPAA.
If you meet resistance, simply treat it as a request for more information. Don't bug or overwhelm them, but certainly run some security tests, find some of the answers they're looking for, and return with that information in hand. Remember, with information security, knowledge is power (for you) and education is key (for your upper managers).
Editor's note: This question was answered by Kevin Beaver, CISSP, founder and principal consultant with Principle Logic, LLC, and coauthor of the book "The Practical Guide to HIPAA Privacy and Security Compliance" published by Auerbach Publications.