To keep up with the recently released proposed rules and
guidance on privacy and security, HIM practitioners should seek
out education from professional associations such as AHIMA,
says Delahoussaye, also a member of the Privacy and Security
Practice Council. “As fast-moving as the privacy world is right
now, we need to have very strong knowledge because we have
to have conversations with our executive group as well as our
security group about how privacy could be affected by some of
the decisions they make,” she says.
She is also an advocate of the CHPS credential. “It was a huge
asset for me because of all the education I had to take prior to
sitting for the exam to ensure that I was a subject matter expert,”
The bottom line: HIM professionals will need a much deeper
knowledge of privacy and security issues as access to health
information opens up. “We have to drop down that 30,000-foot
view of privacy now, and we have to be in the weeds,” she says.
Going Back to Basics
Other developing issues could affect privacy and security rules,
says Wes Morris, CHPS, CIPM, HCISPP, managing principal
consultant, Clearwater Compliance, LLC, Mountain Home, ID.
For example, opioid reporting rules are evolving differently state
by state, creating a challenge for HIM professionals to understand
which rules apply to them and how they synch with federal
regulations, says Morris, who also co-chairs the Privacy and
Security Practice Council.
To help AHIMA members understand the implications of the
latest issues affecting privacy and security, the Privacy and
Security Practice Council has been working on several resources
for members. One is an updated Disaster Recovery and Planning
Toolkit, which will be launched this year. Members of the
practice council also plan to update the Release of Information
Toolkit this fall.
While it is important for HIM professionals to keep up with the
latest issues affecting privacy and security, Morris also urges them
to make sure their current practices are as effective as they can be.
“I would encourage the industry as a whole to, first and foremost,
make sure what you have in place is working for you and meeting
the needs of two groups: patients, whose information you are
there to protect and manage, and the staff of your organization
who have to work within your policies and procedures,” he says.
Making Privacy-Security Collaboration a Priority
Andrew Rodriguez, MSHI, HCISPP, CHPC, CHPS, CDP,
corporate privacy and information security officer, Shriners
Hospitals for Children, Tampa, FL, agrees that HIM professionals
should keep a watchful eye on ongoing privacy and security
challenges like insider threats while keeping tabs on potential
Developing customized, actionable policies and procedures
can help protect against such insider threats, Rodriguez says.
Meanwhile, staff training should offer specific examples of
violations for different roles—such as clinical, operational,
financial, and research positions—so staff can steer clear of
Rodriguez, a member of the Privacy and Security Practice
Council, advocates for tighter collaborations between privacy and
security professionals who tend to have different backgrounds and
skillsets. For example, an organization’s security strategy may fail
to protect data like videos and exported datasets that are beyond
the electronic health record (EHR) if a privacy officer, who
understands where protected health information (PHI) exists,
is not involved.
“It is important for privacy officers to have a seat at the table for
the security strategy for the organization,” he says, “and at the
same time, the security officers should be involved in the privacy
program if they are not integrated into one program.”
s COVER STORY CONTINUED
Don’t Fall Behind
Keep up with the latest news and trends in privacy and
security in the AHIMA Body of Knowledge, the AHIMA
Store, and online at ahima.org. (Use your AHIMA login
and password; some resources are free, while others are
available for purchase.)
AHIMA’s Health Data and Information Conference—
Network with your peers at the conference and at the
AHIMA Privacy and Security Institute in Chicago, IL,
on September 14–15. The institute will include premier
keynote speakers and dedicated tracks for both privacy
CHPS Credential—Advance your privacy and security
knowledge by earning this credential.
CHPS Exam Preparation—This text will help get you
ready for the credentialing exam.
Books—The AHIMA Store offers books covering an
Introduction to Health Information Privacy & Security,
HIPAA by Example, and Fundamentals of Law for Health
Informatics and Information Management.
Engage—Join helpful, practical discussions in the
Confidentiality, Privacy & Security Engage community.
Advocacy Action Center—Stay up-to-date on AHIMA
advocacy and policy updates here. Learn more about state
policies by engaging with regional advocacy leaders. v