|CHICAGO -- In light of new privacy-related issues including the evolution of health information exchanges, state-level privacy and security standards that are more stringent than the Health Insurance Portability and Accountability Act (HIPAA) and numerous high-profile security and privacy breaches, the role of privacy officers in healthcare?has evolved over the past four years, according to a report issued by the American Health Information Management Association.
“On the Front Lines of Healthcare Privacy,” released in conjunction with Health Information Privacy and Security Week (April 8 – 14, 2007), looks at the changing privacy and security landscape as well as the role of the privacy officer. In the report, AHIMA spoke with four privacy professionals, all of whom provide insight on how?privacy officers:
- Now play a broader role than ever before within their healthcare organizations
- Do work that has become more complex with the introduction of health information exchange and increased interest from the public
- Face challenges that still exist with some HIPAA standards
- Deal with the long-standing task of educating consumers about their privacy rights
“The role of the privacy officer has shifted quite dramatically, partly due to the hype in the media after various incidents, particularly involving identity theft. It raised the public’s knowledge and awareness of privacy regulations and forced us to go back and say we need to protect not only personal health information but oth?r sensitive information, said Nadia Fahim-Kostner, MBA, CHPS, CISSP, information privacy and security director at Gwinnett Health System in Lawrenceville, GA. ?With advances in techno?ogy we?ve had to look more broadly than just HIPAA in terms of taking measures to secure data and ensure its privacy.
One of the biggest changes has been the privacy officer’s involvement in training. “The privacy rule was meant to give the public greater access to their records, and it has—if the rule is followed properly. But it becomes a hindrance if people aren’t trained properly,” said Joan Kiel, PhD, CHPS, the HIPAA compliance officer at Duquesne University in Pittsburgh, PA. ?So the privacy?officer needs to be involved?in training the work force to know what really is allowed and what procedures need to be ?ollowed.
According to Jana Chvatal, CHPS, CIPP, CISA, manager of the privacy and information security office at Texas Children’s Hospital, privacy officers also have to have knowledge of initiatives at the state and federal level related to personal health records and electronic health records. “We have to oversee the implementation and compliance with HIPAA as well as other initiatives and manage them so that they are all in compliance with HIPAA. We ?lso have to address the regulations with patients, who may have read a synopsis or a piece of a regulation or an article and misinterpreted what?s allowed and what?s not,” Chvatal added.
When asked if privacy officers think that state law privacy differences will affect successful implementation of regional health information organization (RHIO) implementation and health information exchange, most thought it would hinder success. “Right now there’s a patchwork quilt of regulations and it’s a matter of institutional cooperation. A national standard on RHIOs would go a long way toward making them a reality, said John Gildersleeve, CHPS, system privacy officer at Geisinger Health System in Danville, PA.
For a copy of the “On the Front Lines of Healthcare Privacy,” visit http://www.ahima.org/emerging_issues/.
Sponsored by AHIMA, Health Information Privacy and Security Week is designed to raise awareness among healthcare professionals and the public on the importance of protecting the privacy, confidentiality, and security of personal health information.
AHIMA also announced its updated certification for healthcare privacy and security professionals. The association has combined the Certified in Healthcare Privacy (CHP) and Certified in Healthcare Security (CHS) certifications to create the Certified in Healthcare Privacy and Security (CHPS) to better serve the healthcare privacy and security industry by issuing a credential that demonstrates mastery in both areas. For more information, visit http://www.ahima.org/certification/chps.asp.