Earlier this week, the Chicago-based Healthcare Information and Management Systems Society (HIMSS) and the Englewood, Colo.-based Medical Group Management Association (MGMA) created an online and interactive resource that targets and educates clinicians, practice managers, and others who are part of a small provider organization on the complexities of data security and privacy.
The idea for the Privacy and Security Toolkit for Small Provider Organizations germinated 10 years ago, after HIMSS received feedback from smaller organizations that were having a hard time with the complexities surrounding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and needed additional tools. “It’s tailored with the assumption that [these institutions] might not have the resources, the background knowledge, or a dedicated security person that larger organizations have,” says Lisa Gallagher, senior director, privacy and security, HIMSS.
The toolkit, which was developed by a task force of HIMSS and MGMA volunteers, gives a complete background around major legal requirements for HIPAA and ARRA/HITECH [the American Reinvestment and Recovery Act/Health Information Technology for Economic and Clinical Health Act]. “There’s some guidance on specific areas of security practice that they need to start working on like risk analysis, which is required by HIPAA and Stage 1 meaningful use,” Gallagher says. She also mentions that the toolkit will continue to evolve and be updated with information from meaningful use Stages 2 and 3.
Gallagher finds risk assessments to be particularly important for smaller healthcare organizations to use as a basis to develop their security policies and procedures. “It’s a fundamental requirement and really a way to implement security,” she says. “When you take a look at your implementation and how your unique environment influences the vulnerabilities in your implementation, you can start working on those things, and it starts to feel like you have a handle on it.”
In late June, HIMSS will release a privacy and security toolkit on patient identity integrity that will address the complex issues of maintaining data integrity as patient records are matched.