Podcast: Play in new window | Download (Duration: 13:31 — 12.4MB)
Subscribe: Apple Podcasts | Google Podcasts | Stitcher | Email | TuneIn | RSS
Privacy is always a hot topic in healthcare, but even so, some areas are hotter than others. In this podcast Kara L. Hillburger, Privacy Compliance & Digital Accessibility Team Leader and Managing Director of the Octillo law firm, shares insights into the areas the enforcement community is currently focused on.
It’s not just the federal government that’s of concern these days, she points out. State attorneys general are becoming more active in this arena. Under the HITECH Act they can bring actions of their own for HIPAA Violations, which has resulted in substantial financial penalties.
The pandemic has also led to changes in the enforcement landscape. With the rules for telemedicine changed and more data collected on patients, several states have increased their enforcement activity. For compliance and legal teams that means taking the time to understand both the federal and state perspective.
Data governance is, at the same, growing more difficult. On the one hand, ever-increasing cyber risks argue for locking down as much information as possible. At the same time, though, OCR is calling for greater data portability and transparency.
So what should organizations do? In this podcast she suggests:
- Making the effort to stay on top of the legal and regulatory changes.
- Ensuring that there is a strong data governance structure in place
- Having a clear delineation of roles and responsibilities: Figure out who is doing what and hire the right people.
- Keeping your policies and procedures up to date.
- Planning on annual policy reviews that reflect the realities of both in-office and at-home workers.
- Identifying proper resource.
- Providing regular data privacy and security training and document it.
- Having consequences in place for violations.
- Knowing your vendors and what they are doing to safeguard your data.
Listen in to learn more about what’s especially hot in healthcare privacy compliance.