Services for Healthcare Providers

Any organization that creates, receives, transmits or stores patient healthcare data—whether a hospital, physician group, clinic, pharmacy, lab, home care agency, nursing home or other provider—must look at how it can build security and privacy into how it does business. Security and privacy programs must be concrete and comprehensive, incorporating managerial, operational and technical controls.

Benefit through Integration of Privacy and Security

Phyllis Patrick & Associates, LLC can support your organization in meeting new privacy and security obligations and integrating security and privacy into your culture. We can help you to assure compliance today and be ready for changes in requirements tomorrow. This will position you to:

  • Enhance your reputation with patients: Despite their willingness to share data on the web, patients still want complete control of what information they release. Demonstrating that you take patient privacy seriously will create positive perceptions and enhance patient satisfaction.
  • Avoid the cost of security incidents: When patients’ personal data is exposed, the costs can be substantial: notifying each affected patient, purchasing identity theft protection, and fines ranging from $100 to $50,000 for each instance of a violation.
  • Stay in control of your operations: In addition to HIPAA and HITECH, providers also face other federal and state security and privacy requirements. By complying with regulatory requirements, your organization can avoid the risk of being required to operate under a compliance agreement with HHS and/or the FTC.
  • Strengthen relationships with physicians and other professionals: The majority of complaints to OCR deal with physician offices. Hospitals are often considered negligent by association. By educating your physicians about privacy and security requirements, you can reduce their vulnerability to HIPAA complaints in their practices, earn their appreciation and reduce risk to the hospital.

Mastering Responsibilities / Transforming Your Culture

To assure that you are positioned to realize these benefits, Phyllis Patrick & Associates, LLC will:

  • Educate senior leaders and board members on your specific security and privacy responsibilities under HIPAA, HITECH and other applicable legislation, including the Red Flags Rule, Electronic Health Records, Meaningful Use, Affordable Care Act, and state laws for breach notification, data protection and others.
  • Conduct an evaluation and risk assessment to make sure your organization meets HIPAA and HITECH requirements. This addresses:
    • Program governance and infrastructure, including designation of privacy and security officers, reporting relationships, staffing and resources
    • Education and training programs
    • Policies, procedures, and documentation practices
    • Breach notification policy and procedures
    • Readiness to meet HITECH/HIPAA requirements and Meaningful Use criteria
    • Reviews of technical assessments and internal controls
    • Impacts of business partner/business associate relationships
  • Advise on how you can integrate security and privacy into your organizational culture and utilize security and privacy to enhance operations and improve customer relations.
  • Help you develop your strategy and work plans to meet new requirements while assuring ongoing compliance with existing regulations.

Once recommendations are implemented, we can assist with auditing and monitoring to assure that the program is working as designed. We can either establish auditing and monitoring processes to be implemented by your staff, or perform these functions ourselves, providing an outside eye on the process. The documentation this provides can be very helpful in dealing with potential future regulatory inquiries.

We can also provide periodic updates to make sure your organization stays abreast of new security and privacy requirements, and provide advice and education as requested.