With Dan Rode, MBA, FHFMA, Vice President of Policy and Government Relations, American Health Information Management Association. The AHIMA recently released its annual privacy compliance study.
Question: The study indicates that budget concerns were a driving force in the decline of privacy compliance. Can you offer suggestions to those organizations that may be struggling to maintain compliance without "breaking the bank?"
Rode: There are a variety of ways. Certainly some reference to confidentiality and security needs to be demonstrated and mentioned by senior administration on a regular basis. If confidentiality and security are expected by management and made a key trait of the organization then, spending money on major retraining programs is not necessary. The HIPAA regulation does require annual retraining, but there are a number of ways that can happen. Privacy officers, privacy committees and educators have to be given the time and needed resources to plan and implement training, retraining and reminder programs. If done right the first time, it becomes a lot cheaper than having confidentiality broken, complaints filed, or the reputation of the organization challenged in the press. Health information management (HIM) professionals believe that confidentiality must be another way of doing business. When we make it such, all the rest becomes easier.
Question: How should organizations approach HIPAA training and maintaining support from upper management for compliance efforts?
Rode: Hopefully, the study will be a means to alert senior management to these issues. When management has bought in to privacy being part of the culture, then training or retraining can take on a number of different approaches, and the perception of cost is viewed differently. As with any training, initial funding can result in cost savings in the future; yet when times are tough, training often become the first item to go in a budget.
Question: What impact will the emergence of electronic medical records have on HIPAA requirements?
Rode: From the perspective of HIPAA covered entities, EMRs make it easier to ensure that many of the HIPAA requirements are met. From the perspective of a National Health Information Network, there will have to be changes made in HIPAA.
This 3 Questions originally appeared in a weekly report from IT Business Edge.
This was first published in May 2006