Posted on Sat, Jan 23, 2010 @ 01:15 PM
Aveksa was featured in a recent edition of Health Management Technology Magazine in their Forecast 2010 article on Electronic Health Records.
Modernizing the nation's health care records system from paper-based to electronic is crucial not only to improving patient care but also to lowering administrative costs. But in the race to digitize patient records, robust access security must be addressed, as the number of users who might have access to sensitive patient data will increase substantially, especially with some of the federated models that are being implemented by health care networks across the nation.
As more and more medical and administrative processes related to patient care and data are being outsourced to third parties for cost efficiencies, health care providers and payers must be concerned about the effectiveness of the security and access governance frameworks with their business associates. At the end of the day you can't outsource your business or regulatory liabilities when an access control failure materializes.
Damage to a health care organization's brand and reputation, the potential for loss of revenue, and increases to operating expenses are very real risks that can materialize from an access governance failure.
The HITECH Act gave HIPAA some real teeth, and it's now apparent that the Federal Trade Commission (FTC) will be the enforcement arm for this regulation. The FTC has already demonstrated in past consumer privacy breach settlements that it will issue heavy fines and penalties on organizations that fail to implement the right access controls to protected information.
Posted on Tue, Dec 01, 2009 @ 12:10 PM
We came across this Ponemon Institute study, sponsored by Crowe, on the state of compliance with HIPAA/HITECH. The report is available for download from Crowe's website.
http://go.crowe.com/content/CroweLP?eid=TR9014D&origRef=benchmark
The majority of the respondents to the study are not substantially in compliance with HIPAA/HITECH, and the author recommends that they get more aggressive in their approach to complying with the regulation. What was interesting to us was the impact that certain requirements of the HIPAA/HITECH regulation would have on a healthcare organization. Access governance and access management policy was the second most highly rated organizational impact (31%).
One area of concern that Aveksa identified in a whitepaper we published earlier this year is that healthcare organizations are racing to modernize their patient records systems from manual to electronic. This is a good thing. But if done without having a good access governance control framework in place, the organizational and compliance risks of access control failures will be exponentially higher than they are today. To read our whitepaper on Role Based Access Governance and HIPAA Compliance: A Pragmatic Approach, go here.