ID Experts asked healthcare compliance, privacy, and information security officers to share their predictions and provide their wish lists for a smoother and more compliant 2014.
In order to better manage their current programs, security, compliance and privacy officers at healthcare organizations are requesting five things: more training, more staff, increased budget, help with audits, and compliance software to help with the avalanche of data breach laws.
This parallels the findings from the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security, stating that the majority of healthcare organizations have insufficient resources, budget, or controls in place to minimize data breach incidents.
If I had more budget, I'd wish for:
- The compliance fairy sprinkling compliance dust and all employees follow the rules. If they don’t, they would disappear.
- More staff, proactive access audit software
- More training; more resources to fund audit trips.”
- A new position to be funded: someone to develop privacy training, be the first contact for questions, and assist in the review and investigation of complaints.
- A best practices, state-of-the-art, compliance tracking system.
- I wish every audit could be done by an external company.
- Internal auditors and a person dedicated to subcontractor oversight activities.
- More staff to help with all the rules and regulations, and write policies.
- The best software available to audit for inappropriate record access.
- Time to be more proactive and more time to focus on education, monitoring, and overall bolstering of the privacy program.
- Have no healthcare, privacy or security laws and regulations change for the next five years.
- Monitoring software to be installed to audit all employees for inappropriate record viewing and monitoring usage of the non-work related Internet websites.
- Less government rules, more care for the patients.
- Designated full-time compliance liaison staff at all sites throughout the state.
- Increased reporting, and government (state and federal) enforcement of privacy and security rules.