At the 2023 HCCA Compliance Institute there is a sure to be fascinating roundtable discussion lead by Marti Arvin, Vice President, Chief Compliance Officer, Erlanger Health System, Joan M. Podleski, Chief Privacy Officer, Children’s Health and Adam Greene, Partner, Davis Wright Tremaine, LLP. They will be addressing a range of privacy and data-related issues.
In this podcast one of the topics they discuss are the complexities around access. Often, for example, raw data is not kept in the main health information management system (HIMS).
Another challenge is proper website disclosures and how visitor data is used and shared. OCR has issued guidance in this area that has earned a great deal of attention. But, it is likely to be a hard problem to solve since organizations will need to determine exactly what data they are collecting, using and storing.
To help manage these issues they strongly argue for investing the time and effort in developing clear processes for responding to data requests. Then, monitor to ensure the policies are being followed.
Take time also to understand what is in your designated record set and where it is stored. Then make sure your HIMS understands what qualifies as the designated record set.
It’s time also to reassess how your organization is managing telehealth now that the public health emergency is ending. There will be decreased flexibility and increased emphasis on keeping these interactions on HIPAA-compliant platforms.
When you do move onto one of these platforms, be sure to have a business associate agreement.
When looking at technology, they advise compliance be a part of decisions related to the use of patient apps. Whether your organization is thinking of building its own or relying on a third party, it’s essential that the privacy requirements be a part of the discussion from the start.
Listen in to a provocative conversation, but, be warned. It’s going to make you want to join them in person at the HCCA Compliance Institute, April 23-26 in Anaheim, and online April 24-26.