Hospitals throughout the U.S. have been forced to reduce their IT budgets due to the current economic climate. However, with new mandates from the federal government and new privacy and security issues, hospitals are challenged to do more with less. Organizations that simply address the new HITECH provisions in the American Recovery and Reinvestment Act (ARRA), without consideration of the many new privacy and security rules and regulations, risk creating a patchwork of privacy and security processes and controls that will be less effective and unnecessarily expensive to build and maintain.
PwC's report, "10 things you need to know now: How to respond to the new privacy and security provisions of the stimulus bill," succinctly identifies 10 key suggestions you should consider in your IT planning.
- Communicate the new requirements and the need for changes and resources to senior management, as the stakes have changed.
- Business associates must enhance safeguards as they are treated as covered entities.
- Contracting companies, including business associates, are assessing vendor practices and compliance.
- Review the PHI disclosure process, and access control management and monitoring, to address the enhanced accounting of disclosures requirements.
- Review design and functionality of electronic health record systems to address patient requests for records.
- Develop new processes that address additional restrictions on the use or disclosure of personal health information.
- Update incident response plans for general privacy considerations and new federal PHI breach notification requirements.
- Implement encryption and/or review technologies and data classification schemes based on new federal PHI breach notification requirements.