|Managing EMRs beyond regulations|
|While HITECH and HIPAA have been instrumental in promoting the adoption of EMRs, they have also enforced strong security and privacy policies around the protection of sensitive patient data. Following these five guidelines will help your organization implement a complete access assurance strategy.|
By Kurt Johnson
Protecting confidential patient data has never been an easy task for healthcare organizations. Staff turnover can be frequent, employees’ roles are constantly changing and there is often a high level of contract work being performed – all factors that make it challenging for IT professionals to appropriately manage user access to patient records and other sensitive company data. In addition, the rapid adoption of electronic medical records (EMRs) industry-wide has added even more complexity to the IT puzzle, as patient data becomes more accessible over many different devices. While protecting patient privacy has always been of critical importance, there is now an additional layer of focus – compliance.
Healthcare organizations face a number of industry regulations, but perhaps the most notable are the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA). While HITECH and HIPAA have been instrumental in the promotion of adoption of EMRs by outlining steps to adopt and use electronic patient records for healthcare organizations, they have also enforced strong security and privacy policies around the protection of sensitive patient data. Healthcare organizations that fail to demonstrate compliance with these regulations are not only at risk from data breaches, but they are also susceptible to penalties such as fines, withdrawal of government funding, criminal charges or even incarceration.
But while it’s in the best interest of healthcare organizations that are implementing and utilizing EMR systems to comply with HITECH and HIPAA, simply demonstrating compliance does not mean they are secure. Put another way, being compliant does not ensure patient privacy. Beyond these industry regulations, it is incumbent upon healthcare organizations to implement effective risk management and security best practices in order to control access to confidential patient information and other corporate data as a means of good customer service. Patients want to be assured that their personal information will not be privy to unauthorized users and that their hospital’s or doctors’ offices are taking all of the precautions necessary to prevent a data breach.
Implementing an effective access assurance strategy
Once you have a clear understanding of the security risks that threaten your organization, you must define, assess, verify and enforce proper user access policies in order to minimize high-risk areas, protect sensitive patient data from unauthorized user access and prevent the misuse of patient records by authorized users. Here are five tips to help you effectively manage user access to EMR systems and other corporate networks:
By following these guidelines, healthcare organizations will be able to implement a complete access assurance strategy that allows them to ensure that only the right employees have the right access to the right resources and are doing the right things. Otherwise, they are more susceptible to compliance violations and data breaches – both of which can be detrimental to a company’s bottom line as well as its reputation.
About the author
|Subscribe to Health Management Technology | Contact the Publisher | Advertise With Us | Privacy Statement|
Copyright 2011 NP Communications LLC,