How important is protecting the patient health information (PHI) to your vendors?
advertisement
Aktueller Standort:
>
> This Story


Log in oder Register to rate this News Story
Forward Printable StoryPrint Comment
advertisement

 

advertisement

 

Health IT Homepage

Actively regulated EHR standards are driving demand for outsourcing critical functionality Staying ahead of the curve as SCRIPT17 deadline approaches

Patient record breaches in 2019 already double the total from last year Report finds almost 32 million patient record breaches, compared to 15 million in 2018

Kaiser Permanente team standardizes definition of complete imaging history Developed prompts to help in order entry process

Everyone’s part in the perfect EMR Tips for optimizing your facility's approach to patient data

Browser beware: Study uncovers data leaks that could impact health IT Chrome and Firefox extensions may cause vulnerability

Getting physicians to embrace telehealth By 2025 the U.S. telemedicine market is expected to exceed $64 billion

Carestream completes sale of IT business to Philips in most countries Now part of Philips in 26 of 38 countries where it operates

The building block(chain) of healthcare’s future? Insights from Eliot Siegel on what needs to happen for blockchain to improve the industry

Neurologica agrees to discounts for Strategic Radiology members Discounts on digital radiography and ultrasound, software and services

US leading digital health record adoption, but falls behind elsewhere: Philips report Country rates poorly in use of telemedicine and AI

How important is protecting the patient health information (PHI) to your vendors?


If a vendor doesn’t want to provide information, or can’t provide good data, the organization needs to perform a risk assessment to determine if they are willing to accept the risk presented from the lack of information.

Update organization BAAs: After doing the two steps above, organizations should have listings of their vendors and their BAAs. For vendors with BAAs, review those BAAs. Have the agreements been updated to reflect the HITECH Omnibus requirements? Are the agreements complete with the names of both parties and the appropriate signatures? Is the contact information correct? If the vendor doesn’t have a BAA, it’s past time to get a BAA. If the vendor with access to PHI refuses to sign a BAA, it’s time to terminate that relationship!
Story Continues Below Advertisement

THE (LEADER) IN MEDICAL IMAGING TECHNOLOGY SINCE 1982. SALES-SERVICE-REPAIR

Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.




Monitoring vendors for PHI security is not a “one time” review. A vendor who had a great security person who understood HIPAA and the organization's requirements can have a financial setback and replace the experienced security director to save money. A vendor who assured an organization that their data was stored and processed in the USA can suddenly outsource to an offshore location for processing of the account. While this monitoring can take time and resources, as many have learned in healthcare, a little prevention can often head off a major issue.

Carol Amick
About the Author: Carol Amick is an experienced healthcare compliance professional with over 20 years of experience in healthcare. After starting her career at HCA she moved on to become a compliance consultant for a “Big 4” accounting firm and has since served as the internal audit director, compliance director and privacy officer for several healthcare providers. Carol has worked with post-acute care, outpatient, and acute care providers to develop and implement effective compliance programs. During her time as compliance and privacy director Carol has led numerous investigations into PHI breaches and responded to outside investigations by the OCR, OIG and other regulatory agencies.

Back to HCB News
<< Pages: 1 - 2 - 3

Health IT Homepage


You Must Be Logged In To Post A Comment