Business Partners / Vendors

Companies that do business with healthcare providers are recognizing that HITECH marks the beginning of a new era with new responsibilities. If your company “touches” patient data or provides products that manage patient data, HITECH requires that you protect patient privacy and secure patient data in the same way as a healthcare provider.

If your company provides any form of data management system for healthcare providers, it must be certified under requirements set by the Office of the National Coordinator for Health Information Technology (ONC) to meet provider obligations under HITECH, and to qualify for Meaningful Use funding. Systems that are not certified are also excluded from participation in Health Information Exchanges.

Benefits beyond Risk Management

Phyllis Patrick & Associates, LLC can support your company in meeting its new privacy and security obligations. By helping you to fully meet HITECH requirements on a timely basis, we can position your company to:

  • Look good to your current healthcare customers: Providers will be looking at partner practices to manage their own risk. By complying with HITECH, you protect your customers.
  • Gain market share: Compliance with HITECH positions your company to increase market share as small vendors and others who have difficulty complying drop out and markets consolidate.
  • Enlarge your geographic market area: Health Information Exchanges are working with vendors and advising physicians and other professionals on selecting systems that meet HITECH requirements. Vendors who are prepared to work with the HIEs show that they take privacy and security concerns seriously, and increase their opportunities to be recommended to providers in the region.
  • Enhance / Protect your reputation with consumers: Consumers are increasingly viewing privacy issues as a key part of service quality. Business Associates account for nearly 25% of breaches posted by the OCR and, given new responsibilities under HITECH, this will likely increase. By demonstrating that your concern about these issues is more than a slogan, you enhance your company's reputation. In contrast, failure to comply with privacy and security practices can blacken consumer perceptions of your company, as Rite-Aid discovered.

To assure that you are positioned to realize these benefits, Phyllis Patrick & Associates, LLC will:

  • Educate leadership on your specific security and privacy responsibilities under HIPAA, HITECH and other applicable legislation.
  • Conduct an evaluation and risk assessment to make sure your organization meets HIPAA and HITECH requirements. This includes:
    • Governance and program infrastructure, including designation of privacy and security officers, reporting relationships, staffing and resources
    • Education and training programs
    • Policies, procedures, and documentation practices
    • Internal controls
    • Breach notification policy and procedures
    • Readiness to meet HITECH/HIPAA requirements and Meaningful Use criteria
  • Advise on how you can integrate security and privacy into your organizational culture and utilize security and privacy to enhance operations and improve customer relations.
  • Help you develop your strategy and work plan to meet new requirements while assuring ongoing compliance with existing regulations.

Once recommendations are implemented, we can assist with auditing and monitoring, to assure that the program is working as designed. The documentation provided by this process can be very helpful in dealing with potential future regulatory inquiries. We can either establish auditing and monitoring processes to be implemented by your staff, or perform auditing and monitoring ourselves, providing an outside eye on the process.

We can also provide periodic updates to make sure your organization stays abreast of new security and privacy requirements, and provide advice and education as requested.