Health Information Compliance Alert
Advert HIPAA Infractions With
PDF
Question: I've read about privacy impact assessments and am considering whether we should take the time to formally conduct one on our new EHR system. What exactly is a PIA, how is it different from a privacy audit and what are the benefits of conducting one? Answer: A privacy impact assessment (PIA) is a risk mitigation tool that helps you prevent problems before they occur, whereas audits serve more of a retrospective function. Such an assessment enables you to evaluate whether a new system or procedure will meet compliance standards and helps ensure a good ROI by offering a systematic way to identify and remove any inherent risks. It's vital to start a PIA as early as possible -- ideally in the project initiation phase -- to recognize any major issues embedded in a new system's design before you implement it, stressed Erik Pupo, practice manager at Project Performance Corporation in McLean, Va., at the Healthcare Information and Management Systems Society (HIMSS) annual conference in Chicago. Goals: A thorough PIA has several beneficial outcomes; it provides a framework for documenting the collection, use, disclosure and destruction of personally identifiable information, enhances internal and external accountability for privacy compliance, and reduces the number of IT revisions and retrofitting you'll face, said Kristen Knight, director of privacy compliance for Phillips Healthcare in Andover, Mass., at the HIMSS conference. PIA ingredients: After finishing the assessment you will have a clearer idea of how the new system uses and retains data; its access and security features; and your policies for internal and external sharing and disclosure, giving notice to patients, and providing a means for individuals to access and correct their information. Resource:
www.himss.org/content/files/CPRIToolkit/version6/v6%20pdf/D87_HIMSS_PIA_Guide_FinalV2.pdf..
Open call:
Have you got a burning question about technology, privacy, vendors or anything else HIT-related?Email your query to the editor at StacieB@eliresearch.com -- we'll keep your identity confidential and research an answer to publish in a future edition.
Health Information Compliance Alert
- STIMULUS :
Don't Lag Behind: Implement EHRs Now For Maximum Benefit, Experts Say
But wait: Total cost will far exceed incentives, cautions one doc. If yours is like [...] - Red Flags Rule :
CMS Extends Deadline for Complying With Red Flags Rule
You now have until August 1 to prepare -- but you'll need all of that time [...] - HIPAA :
CMS Expects Practices to Use New HIPAA 5010 Form by 2012
Hint:You won't be able to submit ICD-10 codes without this new form, so start preparing. [...] - ICD-10 :
Get a Head Start on the Transition to ICD-10 Codes So You'll Be Fully Prepared When the Time Comes
Plus: Know what to expect for your staff training in the coming year. Although Oct. [...] - Networking :
Social Media Changes the Business Side of Medicine, Too
Take these cues from consultants, payers to beef up your marketing withWeb 2.0. The Internet [...] - Subscriber Question :
Advert HIPAA Infractions With
Question: I've read about privacy impact assessments and am considering whether we should take the [...] - INDUSTRY NEWS :
Hit The EHR 'Meaningful' Target With These Early Clues
HIMSS aims to spell relief with an incremental application of the regs. We'll become very [...] - In other news...
The transition to ICD-10-CM might be a little less painful, thanks to new tools from [...] - In other news...
• The HHS Office of Inspector General posted Recovery Act materials to its Web site [...] - In other news...
• Ambulatory care centers that want to use information technology to improve the quality, safety, [...]