But let’s not forget, the requirements in place are not without good reason. It’s not process for the sake of process. Rather process for the sake of protection. The privacy and security of each patient’s sensitive information is at stake. Just one file can contain full name, social security number, date of birth – not to mention more private details such as health history, medical ailments and treatment delivered. Fallen into the wrong hands, this information can be devastating – or, quite frankly, just plain embarrassing.

As you know, these repercussions extend beyond the patients. Healthcare organizations themselves face significant ramifications should they encounter a privacy or security breach. And when I say significant, I mean SIGNIFICANT. Not only are their names subject to being publically splashed across what I like to call the “HIPAA Wall of Shame,” but they face considerable financial penalties. As a matter of fact, one of the largest settlements for a HIPAA violation to date amounted to $2.25 million – and that’s not including any civil money penalties that may or may not have followed.

So what am I getting at here? Compliance can be painful. You know it. I know it. We all know it. But what we cannot forget is just how far reaching and devastating the consequences non-compliance can be. Noncompliance puts your patients’ private information at risk, it puts your brand’s reputation at risk, and it puts your organization’s wallet at risk. All these things considered, maybe it is “HIP” to be compliant after all – and maybe we owe all those who dedicate themselves to ensuring it a big thank you.

In honor of HIP week 2012, let’s take a moment to thank those who go to such great lengths to manage sensitive health information securely and in compliance with many ever-evolving regulations. To all those involved, from HIM to the healthcare providers to Health IT – thank you, thank you, and thank you.

Looking for ways you can improve the safety and security of your patient information? Check out this HIPAA Best Practice Checklist.

The problem is, there is a still a lot of confusion in the market as to what constitutes a “true” VNA.  The market is riddled with me-too vendors making bold claims of neutrality when in fact their solution may not be “truly” vendor neutral at all.  Buzz words like “DICOM Archive” and “Super-PACS” are quickly thrown out but seldom clearly defined leaving you to decipher, “What classifies a true Vendor Neutral Archive?” and “What does good look like?”

The good news is there are resources out there to help guide you through your “due diligence” process. Articles such as “What is a Vendor Neutral Archive” clearly outline the capabilities and functionalities that characterize a truly neutral vendor archive.  Admittedly the reading can be a bit technical – a.k.a. painful – but it is without a question worth it.  With a better understanding of what a VNA should be able to deliver and the functionality required to make that happen, you’ll have a clear benchmark in which you can compare and contrast the various VNA solutions out there.  What’s more, you’ll be better prepared to ask vendors the type of questions necessary to expose the strengths and weaknesses of their solutions.  After all, HIMSS 2012 is in Vegas – what better time to call a vendor’s bluff?

Give the article a read and let me know your thoughts. And, if you’re interested in learning more, simply stop on by Iron Mountain booth #2558 to speak with me in person at HIMSS 2012.  And be sure to follow me on Twitter @MichellePaster and use the hashtag #HIMSS12 to follow the event.

Related Content:

• The Forecast for HIMSS 2012 is Cloudy and I’ve Got 3 Reasons Why That’s a Good Thing
• HIMSS 2012 Is All a Buzz about the Cloud but Is Anyone Really Using It?
• Once Again, Halamka Gets It Right: When It Comes to Health IT, It’s All About the Process
• If You Think A Successful EMR Transition Is All About the Data, Think Again – It’s All About the Docs
• Design the Optimal Healthcare Records Retention Schedule

1. Negative Perception is Dispelling: It’s not just talk anymore. Early adopters (like Regional Medical Center in Memphis, Desert Radiologists in Las Vegas, Maria Parham Medical Center in North Carolina, and Rockford Memorial Hospital in Illinois) are continually proving the benefits of cloud technology in terms of accessibility, cost savings, and enhanced disaster recovery. What’s more, both the technology and the vendors (at least the good ones) have evolved. There are cloud storage solutions in the market today that are uniquely tailored to address healthcare-specific needs, particularly the requirements of HIPAA. As a result, misperceptions around data’s vulnerability or the lack of security in the cloud are dispelling.
2. The data boom is in full swing: Knee deep – or perhaps neck deep – in EMR transition healthcare provides are seeing exponential data growth that is becoming otherwise unmanageable using traditional archiving methods alone. The pains today are no longer prophesized, they are being realized. The complexity of managing the hybrid, or in some cases, the fully electronic environment, requires Health IT managers to update legacy processes and technology that supports them if they are to continue to meet accessibility, backup, and disaster recovery requirements.
3. Budgets are shrinking and cost cutting initiatives are growing: In today’s market, money is tight. With so many critical initiatives to support – ICD 10 Transition, EMR transition, and ACO development- healthcare organizations, much like everyone else, need to identify ways to do things better, faster, cheaper. Once dismissed as a costly solution to implement, people are beginning to realize that the long term year over year savings associated with cloud storage more than justifies the upfront expense – not to mention frees up some of your much needed resources to focus on the multitude of other critical business initiatives you’ve got on your plate.

We want to hear from you! How has your perspective of the cloud shifted in the last few years? And, do you anticipate any change in the tone or direction of cloud-based conversations at HIMSS 2012 this year? Jump into the discussion in the comments field below.

Going to HIMSS 2012? Learn how to Make Medical Data More Useful when you visit Iron Mountain at booth #2558 during the HIMSS 2012 Conference. And be sure to follow me on Twitter @MichellePaster and use the hashtag #HIMSS12 to follow the event.

Related Content:

• HIMSS 2012 Is All a Buzz about the Cloud but Is Anyone Really Using It?
• Once Again, Halamka Gets It Right: When It Comes to Health IT, It’s All About the Process
• If You Think A Successful EMR Transition Is All About the Data, Think Again – It’s All About the Docs
• Design the Optimal Healthcare Records Retention Schedule
• When Process Efficiency and Technology Become Personal

One can’t help but to question, if everyone is talking about it, why isn’t everyone using it?  My guess is that much like any new technology; cloud storage is a victim of the risk adverse buyer.  Many see value in adopting the technology but prefer to wait for early adopters to weed out the bugs and troubleshoot the problems. That way, when they finally do decide to implement it, they are getting the more refined, more efficient version.  It’s hard to argue with that strategy – but I’ve always liked a good argument so you can bet I’m going to try.

Take a look at the flip side.  The longer healthcare providers wait to adopt cloud storage, which will inevitably become the norm in the healthcare industry, the longer they will forego the benefits. And, let’s not forget, the technology has matured vastly in a very short period of time. Providers are using it today and already realizing significant benefits in the form of cost savings, improved accessibility, and enhanced disaster recovery. All that considered, is there really any significant benefit to being a laggard or late adopter?  I’d have to argue no.

I’m not alone in my thoughts on this.  In fact, a recent InformationWeek article featured Ken Rubin, VP of Healthcare Division at Iron Mountain, addressing this very idea.  In the article, Rubin candidly recognizes healthcare CIOs’ apprehension to adopting cloud services but continues on to strongly encourage CIOs to take a second look at the technology. Why? He believes that with consideration of 5 Key Criteria healthcare providers can not only begin realizing the benefits of the cloud today, but can do so while meeting HIPAA regulations. If you agree with Ken’s train of thought, as I do, then there would be no reason to wait. You’d simply be prolonging the time it takes to reap the rewards of cloud technology, and increasing the costs and headaches associated with managing your ever-growing volume of data in between.  But I suppose that’s the question, isn’t it? Where do you stand on the matter?  For those planning to attend HIMSS 2012, how seriously are you considering the adoption cloud storage for your organization?  If you aren’t, what is it most holding you back?

————————————————————————————————————————————

Going to HIMSS 2012? Learn how to Make Medical Data More Useful when you visit Iron Mountain at booth #2558 during the HIMSS 2012 Conference. And be sure to follow me on Twitter @MichellePaster and use the hastag #HIMSS12 to follow the event.

————————————————————————————————————————————

RELATED CONTENT

• Once Again, Halamka Gets It Right: When It Comes to Health IT, It’s All About the Process
• If You Think A Successful EMR Transition Is All About the Data, Think Again – It’s All About the Docs
• Design the Optimal Healthcare Records Retention Schedule
• When Process Efficiency and Technology Become Personal
• A Booster Shot for Healthcare Data Archiving

In a recent CMIO article,  John Halamka (MD, CIO of Beth Israel Deaconess Medical Center) offers a compelling reason as to “Why every hospital larger than 50 beds needs a CMIO.” As usual, his argument was well thought out, poignant and, as always, dead accurate.  That said, it was not the lead topic that struck me but rather a single point within the context of the article, “Clinical applications are only as good as the processes they automate.” While seemingly so obvious, this essential component is often overlooked. As healthcare providers race to become fully electronic and meet meaningful use requirements, there is often little time to stop and re-evaluate legacy processes. But what is the risk if you don’t? Well, to name a few: extra costs, loss of productivity, and ultimately undermining the very thing you are striving to do which is make your data more meaningful and useful.

Manual processes are not independent of digital processes and vice a versa.  Unfortunately, there are far too many “me too”, here-today-gone tomorrow vendors out there looking to capitalize on today’s health IT boom.  With limited, if any, expertise in healthcare space these vendors are poorly positioned to help you uncover and address inefficiencies in existing workflows.  This lack of expertise often proves disastrous. In fact, an Accenture study of 15 CIOs found that most underestimated the time and costs associated with implementing advanced EMR by nearly 100%. Why is that?

Well, clearly there is the fact this is uncharted territory.  When the mandate to transition came out, it was gray at best, leaving many of the guidelines and regulations subject to interpretation.  And, with meaningful use deadlines looming, healthcare providers had no choice but to dig in and get the ball rolling knowing full way they may need to adjust or “auto-correct” their strategy as they go. But, another factor for consideration is the fact that this is not purely an IT issue. It’s much larger.

Health IT considerations must extend beyond the cheapest software, fastest implementation, or interface functionality alone.  Yes, all of these are important but it’s important to look at implementation holistically. In order to implement a solution that fully meets your organizations’ needs, and generates the long term costs savings you are hoping for, you’ve got to evaluate the entire transition spectrum – from paper to electronic.  This includes building a plan that will reduce your organizations dependency on paper (and, in turn, the cost of managing that paper) and facilitate large-scale adoption of the EMR.  To do that, you must have a clear understanding of how your paper processes work today.  For example, what types of information are being recalled most frequently, how is that information being used, and when do requests to retrieve information drop off? This understanding will enable you to convert only the information needed, avoid cluttering your new system with unnecessary information, and ensure your clinicians maintain accessibility to all the information they need – before, during, and after the transition. This is essential not only from a usability standpoint but also a long term manageability standpoint. Keep in mind, whatever is entered into your electronic system will need to be managed and maintained over the long-term.  Even under the best circumstances, the large volumes of information that will need to be converted in order to facilitate an EMR transition will lead to a data boom that will undoubtedly strain your current IT infrastructure.

However, should your EMR transition be initiated without proper consideration of workflow and use cases, you will undoubtedly find yourself facing the very inefficiencies that were driving up costs and inhibiting productivity in your organization in the first place. That includes the inability to find information quickly, managing inefficient “work around” systems and processes, and the additional – yet very avoidable- cost of holding onto paper records for far too long or archiving and backing up digital information that never needed to be carried over the EMR in the first place.

Related Links:

• If You Think A Successful EMR Transition Is All About the Data, Think Again – It’s All About the Docs
• Design the Optimal Healthcare Records Retention Schedule
• When Process Efficiency and Technology Become Personal
• A Booster Shot for Healthcare Data Archiving
• The Digital Revolution Almost Killed Me – And Healthcare Just Might Be Next

So, admittedly begrudgingly, I hopped on the social media band wagon. Full disclosure – at first, it was extremely frustrating. Adopting this new technology required me to change the way I thought, change the way I behaved and, perhaps most painfully, change my daily routine. Figuring out where to start was half the battle. But like anything, the more I did it, the easier it became and the better I got at it. Eventually, the technology that I had envisioned distracting me from my core responsibilities became a key driver of efficiency in my day to day life. The reality is everything just became that much more accessible. Now, up-to-the-minute news tailored to my specific interests automatically funnels through my TweetDeck, industry peers and leaders that would have otherwise been inaccessible through traditional communication mediums are a simple tweet away, and customer insights are easily uncovered through the multitude of specialized groups, forums and communities.

Reflecting on my journey, I can’t but help to think about others going through a similar transition: healthcare providers. As the EMR takes the healthcare world by storm, providers are facing a digital revolution with many of the same challenges I faced – except with much higher stakes. Adoption is difficult. It’s uncomfortable. And at first, it will feel like more of a distraction than a driver of efficiency. Organizations can, and may, choose to slowly wade into the shallows, holding onto what’s comfortable. But much like my one man march against social media, it’s a fruitless effort. The industry is evolving and will continue to evolve – with you or without you. Those that hesitate will run the risk of falling exceedingly behind in very big ways, most importantly in efficiency and quality of care. The reality is, jumping in early and facing these challenges head on will undoubtedly pay off over the long term.

That said, I am in no way over simplifying a very complicated challenge. Achieving full scale EMR adoption is far more complex than simply installing TweetDeck on your desktop or learning to hold your content to 140 characters per Tweet. It requires an organizational revolution. Everything from technologies, to workflows, to the way providers treat their patients needs to be re-evaluated and reengineered. And that’s only half the battle. Once the framework is in place, providers will still need to be convinced that this undoubtedly painful change is worth breaking away their very comfortable, perfectly honed routines. Harder yet, they’ve got to be persuaded to invest time they don’t have to adapt to a new process – and, dare I say it, new technology. So how do you do it? How do you encourage risk adverse, time-strained, creatures-of-habit like myself to not only break away from what’s comfortable but to remain committed throughout the process in order to make it out to the other side? Sadly there is no one size fits all answer. There are, however, a few best practice tips and tricks that can help you along the way:

• Calm Their Fears: If you are early in your EMR implementation, the best way to alleviate the fears that can drive provider resistance is include your providers in the process. Keep in mind, physicians will need to adjust not just the way they record their appointments, but the way they interact during the patient visit. Don’t leave them to wonder and worry about how the changes will affect them. Have open conversations. Ask them how they work and what they need. Giving them some say in the interface layout and functionality, as well as the process changes coming down the pike, will alleviate concerns that the new program “isn’t going to work for the way I work.”
• Speak to Their Pains: While of course the benefits EMRs bring to the organization as a whole are important to your doctors, it’s fair to assume that any large scale change will trigger the question: What’s in it for me? Again, don’t leave this open to perception. Point out the benefits the new system can bring to them personally over the long term if they are just willing to stick with you through the difficult transition. Less time processing paper work and in turn more time at home with their families? Or, perhaps, for a smaller family owned practices, the ability to see more patients in a shorter period of time and, as a result, more money in their own pockets. Personal gain is always a best lever to pull when trying to drive mass change.
• Be Interactive – or Better Yet, in Person: With the wealth of technology today and the bleak economic climate, organizations are looking for ways to do stuff better, faster cheaper. And, rightfully so. That said, don’t skimp on training. If you really want to drive adoption it is essential you invest the time and, dare I say it, dollars to ensure your providers are comfortable with the new system. An extensive kickoff training session is a good start – and the more hands on the better. It’s easy to check out when listening; you have no choice but to learn when doing. It’s also important that you build a balanced training plan. One-and-dones won’t work. Your training process should include multiple check-in points, an extensive set of training tools, and an easy to use channel of communication for continued support. Keep your providers focused on where they are in the learning process but also give them a glimpses into what’s next to reinforce why it’s important to master the task at hand today.
• Make No Assumptions: When building out your training plan do not make any assumptions as to what is understood. Each and every person in your organization will have a different level of comfortability with technology in general, let alone a new platform. Don’t be afraid to state the obvious. Training should start at the most basic level and build off a demonstrated understanding. Remember, often, getting started is the hardest part. You’ve got to make your providers feel confident early – even if it is only using the most basic functions. Otherwise, they will become overwhelmed and the desire to adopt will wane. This type of negative first experience will undoubtedly increase resistance and make widespread adoption far more challenging to obtain.

Don’t Be Afraid to Compare: Healthy competition is good. In my case, it was the key driver. No one wants their skill set to become outdated or obsolete. Don’t be afraid to internally communicate what’s going on outside of your organization. Are your competitors ahead of you in the adoption curve? How many of your peers are fully electronic? What benefits are these organizations and their providers gaining from it? I can think of no more compelling argument for change than realizing the industry is moving along and will continue to so – with or without you.

Do you have more questions about your EMR transition options? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s consulting services team. You’ll be connected with a knowledgeable product and services specialist who can address your information management challenges.

• What’s Motivating Your EMR Conversion Plan?
• The HIPAA Hall of Shame: Getting Your Name on the List Is Easier Than You Might Think
• If You Think A Successful EMR Transition Is All About the Data, Think Again. It’s All About the Docs.

For the many, the idea of corporate travel remains glorious, conjured up by endless thoughts of seeing the world, wining and dining, and getting away from our – I couldn’t love them anymore but sometimes they drive me nuts – kids  for the week.  Okay so maybe that last part has a little truth to it.  But the reality of work travel is much more, well, frustrating.  Many of us live out of bags, running in and out of airports, cabs, and corporate centers, spending infinite hours of our lives, well, just waiting.  Waiting in a security line to be uncomfortably frisked or scanned.  Waiting for the inevitably late departure.  Waiting to board the plan, waiting to land, waiting to de-board – well you get the picture.

So, what’s happening when we are doing all this waiting?  People are doing, people are living and, though we are making our best attempt to get ahead, we can’t help but to feel that we are in some way falling behind.  The emails pile up in our blackberries, our projects become bottlenecked, and our kids go to their sporting events, school plays, and music recitals without us.  Feel the guilt setting in?  Good.  Then I have effectively communicated the daily struggle.

Welcome to the new world – where everything is immediate, no one is ever out of reach and the idea of nine-to-five has become nothing short of a distance memory.  Business is global, economies are intertwined, acquisitions are common and few of us have the luxury of focusing on a sole location or small local market.  We are assigned to manage multi-locations, work larger territories, and address the global market.  Our professional success – as well as our success as parents, spouses, and friends – is contingent on our ability to balance all of this well.

As result, we crave efficiency. We crave advances in technology.  Anything that will allow us to gain back time or communicate with ease.  It’s the whole idea of work smarter not harder (or in reality do both). For some it means planning, for others it means leveraging technology, and for most of us it means both.  From a process standpoint, we all have our packing routines, strategic travel routes, and tricks and tips about which flight has the highest likelihood of getting out.  We strive to optimize our time, cramming our schedules with as many client visits, vendor meetings, and site inspections as humanly possible.  But that can only take us so far.  We must then rely on our BlackBerries, lap tops, and iPads, to connect to, well, our lives.  These technologies provide the tools we need to manage our rigorous schedules as well as the ability to quickly connect with clients, co-workers, and, yes, even our families regardless of location or time zone. Only through this perfect blend of process and technology are we able to sustain our fast pace – or, at the very least, stay afloat.

Process efficiency and technology, terms once considered “corporate jargon”, have become personal. We’ve change the way we work.  We’ve change the way we communicate.  And we’ve changed the way we live.  For better or worse – or perhaps, more accurately, a bit or both.  In this new economy, each of us is being professionally and personally tasked to “do more with less.” And the reality is, for both scenarios process improvement and the strategic use of technology are essential. One is not nearly as effective without the other – and, to survive, we’ll need both.

Related Links

• I Learned about Trigger Events in My Closet
• If You Think A Successful EMR Transition Is All About the Data, Think Again. It’s All About the Docs
• The HIPAA Hall of Shame: Getting Your Name on the List Is Easier Than You Might Think

Are we surprised?  The hybrid environment is complex – and did I mention costly? Physicians are struggling to treat patients with records in both paper and electronic formats, in an environment where they availability and completeness of the record is constantly in question.  Is the electronic record complete?  If not, will I be able to locate the corresponding paper record quickly?  What information is captured where and how can I be sure I’m looking at it all? All this time spent referencing multiple file formats distracts providers from their core mission of delivering quality patient care and, often, results in fewer patients treated daily. As we all know, fewer patients equal less revenue and, the last time I checked, less revenue is never a good thing.

Sadly, there is no magic bullet.  Sure, the implementation of an EMR system with a user-friendly interface is critical and a commitment to clear, consistent EMR training will go a long way. But I caution you, if you are not also evaluating how your current physical storage and scanning processes are influencing your provider’s perception of the EMR, you might be missing an opportunity to further accelerate their adoption of it. Think of it this way, the less painful and distracting you can make the hybrid environment; the more your physicians will be able to focus on learning the EMR technology and delivering patient care.

Centralization of your paper records is an essential component of this. I can already hear what you’re thinking: What could the location of my physical records have to do with the adoption of the electronic record?  The quick and easy answer – nothing and everything. Your providers may have no idea of how you are housing records today or even where they are located. However, they do know how long it takes you to deliver them. The quicker and easier you are able to locate physical records, the more streamlined your scanning processes will become, and, ultimately, the less time your physicians will lose waiting on the information necessary to deliver care. This leads me to critical component number two; the delivery of the record.

It is important that you deliver patient information to your providers in a consistent format– and the earlier you can do this, the better.  While we all know the hybrid environment will continue to exist in the back of the house for quite some time; it’s important to understand it does not have to extend to the front of the house.  Leveraging an image “on demand” or “just in time” scanning process, you can pull the physical file upon request, scan it, and deliver it electronically to the point of care.

The benefits of this are twofold.  One, if you’ve centralized as I suggested above, you no longer have to track down and manage two mediums of information across the organization. Your physical file remains securely onsite throughout the entire process.  No chance of getting lost in transit.  No chance of the provider hoarding it in his or her office.

And two, this process can actually help you reduce dependency on paper. By scanning the physical record and delivering it consistently in an electronic format, you are reinforcing the use of the EMR and, for the most part, keeping paper record out of site and out of mind. What’s more, the time your physicians have to spend sorting between multiple file formats is minimized. This allows them to focus their efforts on learning how to navigate the EMR system – not the hybrid environment.

Bottom line, there is no quick fix to accelerate physician adoption.  However, it’s important to note that your physicians’ adoption of the EMR will be directly correlated to how seamless you can make the transition process.  Incorporating a few of these best practices can go a long way in making your providers’ transition through the hybrid environment to the EMR more seamless, less painful, and, hopefully, faster.

[1] Merrill, Molly.  Hospital Execs cite doc adoption as biggest MU hurdle.  Healthcare IT News.  February, 17, 2011

• A Smooth Transition to an Effective Electronic Medical Records System
• What’s Motivating Your EMR Conversion Plan?
• The HIPAA Hall of Shame: Getting Your Name on the List Is Easier Than You Might Think
• Are You Prepared for Mother Natures Wrath?
• Meaningful Use Drives Agenda in Healthcare IT

If you’ve been following the recent coverage – and I know you have –the number of data breeches has been steadily rising since September of 2009.  In April of 2011, the total number of health information breeches had reached 265 affecting over 10.8 million individuals – and let’s keep in mind, that’s just reported cases. 

So why so many?  Unlike the Baseball Hall of Fame, having your name added to the HIPAA Hall of Shame is easier than you might think.  Compliance is painfully complex and even the largest most sophisticated organizations get it wrong sometimes.

As a matter of fact, often it’s not what you do but, rather, what you don’t do. Most of us think of HIPAA regulations in terms of compliance.  Indeed, compliance is absolutely necessary, but you must also understand the best practices that go beyond compliance to further mitigate risks and prepare your team for that ugly “A” word – yes, I mean audit. 

Here are a few best practice tips to help you keep your organization’s reputation, and wallet, in tact:

Conduct a Risk Assessment

Though it might be painful, a thorough risk assessment is really the core of any HIPAA compliant program.  A gap analysis comparing your program’s privacy and security controls to HIPAA’s privacy and security requirements will help you better understand where you are today and what areas you will need to address in order to achieve a fully compliant information management program.

Ensure the Appropriate Safeguards Are in Place to Address the Entire Lifecycle of the Record

Once you have identified your gaps, you will need to ensure reasonable and appropriate policies and procedures are in place to satisfy the detailed requirements of the Privacy and Security Rules. These policies and procedures should address the use, disclosure and security of PHI. In other words, you need to have the appropriate safeguards in place to protect both physical and digital information at every stage of its lifecycle – whether in storage, in transit, or in use. 

Document Your Procedures and Train Your Employees 

Having these procedures in place is half the battle but you aren’t there yet. It’s essential your procedures be documented and your employees trained. After all, what good are these procedures if you can’t prove they exist and demonstrate that your employees are using them?  The ORC doesn’t make decisions based on what you say you do; they evaluate what you are actually doing. 

Validate Your Vendor’s Compliance

Of course, most vendors will say they are HIPAA compliant. As a healthcare entity, you have certain responsibilities for making sure your business associates meet their HIPAA privacy and security obligation.  Do your due diligence and ask the hard questions upfront. If you aren’t certain of what those questions should be, I might suggest reading the HIPAA Primer, which actually outlines five key questions healthcare entities should be asking to validate their vendor’s compliance. This is an essential component of any compliant program that will go a long way in protecting your patients’ sensitive information and, ultimately, your organization’s reputation. 

Monitor, Audit, Update, Repeat

The industry today is continually evolving – and so are the requirements.  This means you can’t simply rest on achieving compliance.  You need to proactively maintain it.  This can only be done by continually monitoring the regulatory landscape and internally auditing your existing program. The person responsible for your auditing process should be clearly documented as well as what your internal audit process includes and what changes are made as a result. Only by auditing and updating your program on a regular basis can you feel confident that your organization will be prepared to meet the demands of the OCR should that ugly little “A” word – and, again, yes I mean audit – come knocking on your door.

Related Content

• The State of Scanning, Paper and EMR Transition
• Are You Prepared for Mother Natures Wrath
• Privacy Implications of the Scraping of Healthcare Data
• Meaningful Use Drives Agenda in Healthcare IT