When I was a little kid, I was afraid of Monsters Under My Bed (MUMB). They couldn't be seen, of course, even when my mum made me look for them with her. They were always cleverly invisible, hiding just out of sight. But I knew they were there. And I think they knew that I knew.
Now that I've grown up, I no longer worry about monsters under my bed. But I do still worry about indiscernible monsters - far more dangerous than those who waited for me to have to get up and get a glass of water in the night. These monsters have a name - identity thieves. They're sort of grown-up monsters. Instead of eating little kids, they consume Protected Health Information (PHI). Why PHI? Because it contains just about every vital statistic about me that an identity thief monster just dreams about obtaining. Yum!
Well, if PHI is protected, how can the monsters get at it? That's because it's not actually protected at all. It's lying with its soft, white underbelly fully exposed in the biggest medical database of all - the CMS (Centers for Medicare & Medicaid Services). The Health and Human Services Office of the Inspector General recently released a report stating that "CMS has fallen short of its rent to impose the Health Insurance Portability and Accountability Act's security provisions" (Source: Inspector General Knocks HIPAA Security Oversight, Government Health IT, October 2008). Monsters hiding in all the dark Internet under-beds threw a big party when that report came out.
We even got warnings from no less than the Inspector General's office about this risk. They looked into the issue last year and stated that as of August 2007, the CMS did not have mechanisms in place to determine whether a covered entity was complying with HIPAA rules. It's a virtual smorgasbord for monsters.
I wasn't surprised, and even my mum didn't try to convince me that it was safe to turn out the lights. With so many "covered entities" exchanging PHI with CMS, I would have been surprised if CMS actually had the systems in place to ensure HIPAA compliance on behalf of all hospitals and other entities submitting data to them.
This is a real mess for CMS. Think of how difficult, if not impossible, it is to generate and impose rules across all the covered entities working with them. Of course, once the rules are created, how can they possibly be enforced and audited? CMS is not the only organization out there with this problem. Is there a bedroom nightlight that can keep the monsters at bay?
Enter Data Classification. It identifies PHI, and allows it to be classified so it can be protected and audited on a regular basis. How do you do it? Just follow the four key steps below to help guide your organization to becoming HIPAA compliant.
Step 1, Define PHI
Data protected per HIPAA's Administrative Simplification provisions is known as Protected Health Information. This is why the first step is defining what PHI exists in your organization. Without knowing what is considered PHI, you cannot begin to protect it. Some criteria are standard, such as Social Security numbers and phone numbers. Other criteria are determined by your organization, such as account numbers and claim numbers. Because criteria are specific to individual organizations, customizable and flexible criteria are critical.
Step 2, Search for PHI
Once you have defined PHI, you must find it. Searching through all your Electronically Stored Information (ESI) for PHI may seem like a huge undertaking, but there are products available which can fulfill this requirement.
Step 3, Classify PHI
Classify PHI on a need-to-know basis per your organization's policies. As an example, someone in billing does not need to know a patient's exact ailments or full medical history, just as a nurse does not need to know a patient's Social Security number or credit card information. Classifications can consist of Full History PHI, Billing PHI and/or Claims PHI.
Step 4, Secure and Audit PHI
Once you have classified PHI and know what and where it is in your environment, you must secure the data per policies defined by your organization in conjunction with rules set forth by HIPAA. Reporting who has access to PHI, based on classification, will help this process. Reports that show who has access to what PHI can help an organization efficiently audit their systems regularly to ensure compliance.
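The four steps above, sketched as an added Python example that is not part of the original article. The account and claim number formats, role names, file names and access list are constructed assumptions standing in for an organization's own criteria and policies.

```python
import re

# Step 1: define PHI criteria. SSN and phone formats are standard; the account,
# claim and diagnosis patterns are hypothetical organization-specific criteria.
CRITERIA = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "account_no": re.compile(r"\bACCT-\d{6}\b"),
    "claim_no": re.compile(r"\bCLM-\d{8}\b"),
    "diagnosis": re.compile(r"\b(?:diagnosis|dx):", re.I),
}
# Step 3 policy: which criteria put a file into which classification.
CLASS_RULES = {
    "Full History PHI": {"diagnosis"},
    "Billing PHI": {"ssn", "phone", "account_no"},
    "Claims PHI": {"claim_no"},
}
# Step 4 policy: need-to-know per role (assumed roles).
ROLE_MAY_READ = {
    "nurse": {"Full History PHI"},
    "billing": {"Billing PHI"},
    "claims": {"Claims PHI", "Billing PHI"},
}

def find_phi(text):
    """Step 2: return the names of all criteria that match the text."""
    return {name for name, rx in CRITERIA.items() if rx.search(text)}

def classify(hits):
    """Step 3: map matched criteria to classification labels."""
    return {label for label, crit in CLASS_RULES.items() if hits & crit}

def audit(files, acl):
    """Step 4: report (file, user, role, label) where access exceeds need-to-know."""
    findings = []
    for path, text in sorted(files.items()):
        labels = classify(find_phi(text))
        for user, role in sorted(acl.get(path, {}).items()):
            for label in sorted(labels - ROLE_MAY_READ.get(role, set())):
                findings.append((path, user, role, label))
    return findings

# Constructed sample documents and read-access list.
FILES = {
    "intake/note1.txt": "Diagnosis: asthma, prior dx: eczema.",
    "billing/inv7.txt": "ACCT-004512 SSN 123-45-6789 phone 555-201-3344",
    "claims/c9.txt": "CLM-20081017 filed for ACCT-004512",
    "misc/menu.txt": "Cafeteria menu for Monday",
}
ACL = {
    "intake/note1.txt": {"alice": "nurse", "bob": "billing"},
    "billing/inv7.txt": {"bob": "billing", "alice": "nurse"},
    "claims/c9.txt": {"carol": "claims"},
}
```

Calling `audit(FILES, ACL)` returns one finding per user whose role is not cleared for a label found in a file they can read, which is the "who has access to what PHI" report described in Step 4.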
With products on the market that can automate the entire process, it's as straightforward to do as to describe. Sleep well! We'll leave the light on for you.
Four Steps to Becoming HIPAA Compliant