A privacy and information security governance model
HIM-HIPAA Insider, August 11, 2014
A governance operating model describes the structure, oversight responsibilities, and infrastructure for a program or functional area. Structure includes program design, reporting relationships, and oversight committee charter and membership. Program oversight responsibilities lie with the board, the oversight committee, senior leaders, and managers responsible for daily program operations. Infrastructure refers to the policies, procedures, and processes associated with a program.
Effective privacy and information security programs start with attention to governance. Governance refers to the roles and responsibilities established by the board and senior leadership to direct and oversee the program, based on an organization's mission, goals, and requirements for protecting information assets.
The following guidelines are helpful when establishing and measuring privacy and information security structure and processes with governance as the foundation:
1. Establish governance that includes and specifies the oversight role of the board of directors. The board is responsible for privacy and security oversight. This includes ensuring that risk analysis and risk mitigation activities are considered integral to an organization's overall risk profile. Board bylaws and operating rules must address privacy and information security oversight.
2. Select a board committee to oversee the privacy and information security program. Address privacy and information security program oversight responsibilities in the committee's charter. Privacy and information security oversight can be assigned to risk, safety, quality, or compliance and audit committees. This decision depends on committee structure and board member skills that can guide the programs.
3. Train new and established board members and senior leaders. As with other areas of board oversight, privacy and information security concerns may change over time. New risks, changes in technology, EHR development, patient portals, and patient engagement are just a few examples of developments that can affect an organization's privacy and information security program. Finding time to become knowledgeable about privacy and information security as key risk areas may be challenging for board members, but doing so is essential. Effective and robust privacy and information security is necessary to avoid reputation, regulatory, and financial risk.
This article is adapted from The Complete Guide to Healthcare Privacy and Information Security Governance, published by HCPro, a division of BLR.