« HSG Radio: Interview of Sylint's CTO Serge Jorgensen | Main | HIPAA Compliance: Identity & Asset Management Looms Large? »

March 20, 2012

HIPAA Compliance: the 80/20 Rule & why you shouldn't major in the minors?

There are no PHI risk free environments. NONE. OK to most compliance professionals this is common sense, but we all know how uncommon that often is. There is simply no budget big enough and not enough hours in your organization's lifetime to eliminate all risk related to PHI, nor do the regulations call for that. The Security Rule calls for "reasonable and appropriate safeguards" (granted some of the safeguards are totally non-trivial to implement correctly).

HSGLogoGet the basics covered & then

focus on the BIG PAIN points that

are likely to cause you the most

liability.

 

So what? The so what is that the "best is the enemy of the good." Like some many things in competitive environments, it is the basic "blocking and tackling" that often gets over looked. Get the basics covered and then focus on those high pain point areas that are likely to cause you the most liability. Here are couple of interesting data points from PwC's recent survey:

Of the 11 million people affected by data breaches since September 2009, 55% were affected by data breaches involving business associates. Healthcare organizations have only grazed the surface when it comes to ensuring their business associates can be trusted with PHI. Only 38% perform pre-contract assessments of their business associates and just 26% conduct post-contract compliance assessments.

Of the electronic data breaches reported to OCR, 90% were a result of a lost computer or device, theft, or unauthorized access/disclosure.

Do you think that maybe focusing on business associate and portable/mobile device risk might be a good place to get outstanding ROI on your compliance investment?

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

 

Posted at 05:31 PM in HIPAA Compliance, HITECH Act, HITECH/HIPAA |

My Photo

About

NEWSLETTER


  • Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon
    Sign up for a FREE
    HITECH / HIPAA
    Compliance Newsletter

    Enter your email address

Categories

CC

Tools

  • Google Analytics

Become a Fan

Essays and Such

  • HIPAA Survival Guide (PDF)
    Read the HSG in PDF format.
  • HIPAA Survival Guide (online)
    Practical advice for health care practitioners.

  • Search, KM & the Practice of Law

  • Silicon Stories eBook

  • Dirty Little Secret

  • Competitive Advantage

  • Process Patterns

  • Movie Making and Software Development

  • The Missing Factory

  • Architecture: Shack, House or Skyscraper?

  • The Talent Wars

  • Knowledge Management and Infotainment

  • What comes after what comes next?

December 2013

Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

Archives

More...