Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Government
June 27, 2014 01:00 AM

CHIME Time: Rural hospitals pose unique challenges in safeguarding data

Anna Turman
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Turman

    At smaller healthcare organizations, leaders get used to wearing many hats. These roles, while complementary at times, manage to compete for time, attention and effort.

    One of the trickier roles that I and my fellow small-hospital IT executives have is that of HIPAA privacy and security officer. In my case, I carry the chief information officer and chief operating officer roles as well as the responsibility for enforcing provisions of the Health Insurance Portability and Accountability Act. Having an effective security program can constantly distract me from my day job, a common issue faced by my brethren at small organizations.

    Yet, we know that security risks have proliferated, and small hospitals are at risk, even while resources to combat risks are thin. It's a conundrum—the lack of dedicated resources and technology are primary constraints to auditing and monitoring system and user activity. But underinvestment in security and resources result in unacceptable risk tolerance.

    We have an obligation and responsibility to maintain the safety and security of every patient every day. Beyond regulations, the integrity of our staff and our data has an effect on patient confidence in their care. We are not willing to compromise on our passion for patient safety and patient care; therefore, we need to handle their information with that same passion.

    Here are some other challenges that are especially difficult for those monitoring HIPAA at rural organizations:

    It's crucial to manage business associates and covered entities. As the data owner, our facility must have satisfactory assurance that business associates will safeguard information appropriately. Managing different agreements and ensuring they meet our standards takes time away from our day jobs.

    Just having a completed agreement with our business associates doesn't mean the mission is accomplished. We run risk assessments, some of which find issues, and that can be sticky. For example, a recent assessment found a data protection gap at one of our vendors, and after discussion, it had to purchase software to improve security. A healthcare organization's security is only as strong as its weakest link, so it's important to be vigilant, both inside and outside your walls.

    Casual record “snooping” can be a problem everywhere, but it's especially a challenge in rural environments. Small communities often experience big dollops of gossip, and it's difficult but necessary to fiercely defend protected health information. Snooping is rarely malicious but arises out of sheer curiosity; given the culture of small towns and rural facilities, we have our work cut out for us.

    Identifying snoopers vs. those employees who are just doing their jobs is challenging. Giving employees access to records so they can do their jobs often gives them access to records for just about everyone in town. Discovering inappropriate access takes a lot of auditing and monitoring, and some traditional approaches don't work. Standard methodology and variable matching of results can tend to show fewer true incidents of inappropriate access. Smaller facilities often lack the appropriate tools to assist in monitoring inappropriate access to protected health information because of the cost, and the shortage of tools drives up the risk.

    Because of the small “sample” size, de-identified information submitted for syndromic surveillance by a small rural facility presents unique challenges. If you look at a patient population in a rural environment and are looking at males from a certain ZIP code who are 75 years old, the pool is small enough that, if the wrong people are able to access the data transmitted to the state, they may be able to identify the patient.

    Small facilities need to move from reactive monitoring practice to an efficient and proactive security program to reduce both risk and cost. A proactive approach involves communication and training, and also identifying, documenting and mitigating data security risks.

    For me, HIPAA is an ongoing, time-consuming job. I have to enforce compliance with strong policies and procedures that I must review on a regular basis. It is an intricate dance—privacy and security go hand-in-hand, and one is not effective without the other. Being vigilant, and developing consistent risk-management actions, enables me to stay on top of things.

    Managing these well can help reduce the pressure on the person trying to juggle those many jobs at a rural facility. Staying vigilant on HIPAA compliance is really the only way to keep the task manageable and enable increased productivity in that “day job.”

    Anna Turman is chief operating officer and chief information officer at Chadron (Neb.) Community Hospital and Health Services.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    abortion-pill-misoprostol-legal
    Abortion pill case advances to appeals court, on course to Supreme Court
    young doctor medical resident
    Federal physician recruitment program at risk
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Modern Healthcare Alert: Sign up for this breaking news email to be kept in the loop as urgent healthcare business news unfolds.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing