Identify a leader
This is not just an issue for IT or compliance departments; this demands a cultural and technological shift in healthcare as it moves the system from one where organizations may share data to one where they must share data. A leader is needed within payer and provider organizations who can advocate at the top levels and coordinate involvement of multidisciplinary teams.
In some organizations this may be a chief data or digital officer who can spearhead the organization’s response. Others may determine it’s everyone’s role in the organization to think digitally.
Map out your data to see what’s affected
Payers and providers should assess the state of their data, and consider what unstructured data sets exist. They should classify the data to understand which may contain personal health information targeted by new regulations and where the data flows downstream. Data cleanup efforts and an assessment of how much of the data conforms to industry standards are also important, along with a map of who controls the data, when it is pushed out and to whom.
Now is also a good time to review patient matching processes and develop different methods for crosswalking patient identifiers or demographic information.
Providers should communicate with vendors about what updates they may have planned for EHR systems to respond to the regulations.
Review business partnerships in this new regulatory environment
Digital health companies and new entrants may help organizations take advantage of the opportunities that achieving interoperability may present. However, the freer flow of information opens up new questions about data privacy, as some companies accessing the data may not be covered under HIPAA.
Companies should consider the legal risks and take steps to protect their reputations and relationships with customers by thinking through issues of consent and data privacy. Healthcare organizations should review their current policies and consider whether they offer protections for customers under the new processes and what data security risks may emerge. They should also consider whether business associate agreements are due in more situations.
Prepare for new processes
Healthcare organizations may find that they have entirely new functions to perform, such as notifying other providers of a discharge or making patient data available via API.
Providers and payers should consider not only the potential cost implications but also the impact on their workforces and the training that will be needed to ensure both compliance and an effective digital strategy.