Lee Barrett Discusses Keeping Protected Health Information Safe

Healthcare organizations really need to be careful that the protected health information flow is safe and there are no vulnerable spots where that information can be accessed and cause a HIPAA violation, explained Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission.

Healthcare organizations really need to be careful that the protected health information flow is safe and there are no vulnerable spots where that information can be accessed and cause a HIPAA violation, explained Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission.

Transcript

As technology has evolved are there things about HIPAA that providers don't always think about that they should pay more attention to?

So I think about the things about HIPAA is really about the PHI flow—the protected health information. They really need to assure that they've gone through that PHI flow, where the flow is and all these various connection points, portals for patients, various exchanges with different stakeholders, whether or not its with hospitals, labs, other accountable care organizations, other health information exchanges, all these are vulnerable spots. So they need to understand where their PHI flow is, they need to understand all the rules that HIPAA and the regulations have gone through, and they also need to be aware of what their obligations are as an organizations under HIPAA.

The Office for Civil Rights is very aggressively going after organizations. I'm going to be talking about the fact that they're levying some pretty big penalties to organizations today. So if organizations don't take it seriously, do their risk analysis on an ongoing basis, put in their policies, procedures, controls, be reviewing them on an ongoing basis, put the appropriate privacy and security individuals in place in their organizations that are really looking at not only their organization, but all the business associates that are supporting them.

Those are the types of things, those are the types of controls and type of rigor that organizations need to be putting in place.