Healthcare Privacy Compliance Program Management
Video Transcription
Hello everyone. It's Chris again, and I'm Cybrary's instructor for its US information privacy course. In Lesson 6.5, we're going to look at the components of an effective healthcare privacy compliance program. This is a topic that's near and dear to my heart. It's one of the reasons why I dare to acquire the Healthcare Compliance Association's certifying healthcare privacy compliance professional certification. Because I think it's extremely important for those privacy professionals that are working as compliance officers or working with their compliance officers, teams, privacy officers to ensure that the organizations, institutions, and companies that they're supporting have effective privacy compliance programs.

I completed the Loyola University of Chicago School of Law's privacy law certificate. The capstone course required us to develop a privacy compliance program for healthcare. It is quite insightful looking at the individual components of what really defined a privacy program from a compliance standpoint. I'd use certain tools to assist me in assisting public sector and private sector organizations in developing effective compliance programs.

There's a tool that I want you to add to your privacy toolkit. It is entitled "Measuring Compliance Program Effectiveness: A Resource Guide." It is applicable really to any industry. But for our use, we are going to use it really to develop an effective privacy compliance program. I must give credit to the Health Compliance Association, and also to the US Department of Health and Human Services Office of the Inspector General for developing this useful guide. We look at rarely as been defined at the elements of effective compliance program are really savvy. You can also add to your toolkit the US Sentencing Commission's Chapter 8 of the US Sentencing Guidelines to really help you structure your healthcare privacy and compliance program.

Now there are eight elements that we're going to look at. But before we get there, we want to talk about our learning objectives. We're going to talk about those seven compliance program elements. Then we're going to talk about the importance of developing compliance program metrics to really assess the efficacy and effectiveness of those program elements.

These are the seven programming elements that we're going to talk about: standards, policies and procedures; compliance program administration; screening and the evaluation of employees, physicians, vendors, and other agents; communication, education and training on compliance issues; monitoring, auditing and internal reporting systems; discipline for non-compliance; and then finally, investigations and remedial measures.

Now before we delve into each of these seven program elements, we want to also discuss what it means when we talk about program metrics. Throughout my military and federal government experience, we tended to use an acronym, the SMART principle, when it came to talking about program metrics: smart, measurable, achievable, relevant to the task, and time constrained, normally periodically looking at a year. These metrics tell you exactly, give you some insights into how well your program is functioning. It allows you to make those corrections when you see that you're not achieving those desired goals.

What I've learned about when we talk about metrics is that again, you can't have too many program metrics; normally three to five are sufficient. Most privacy officers don't own the data that you need to assess these program metrics. Again, you must partner with those data stewards, data owners, functional units, business unit leadership. In establishing that partnership, you want them to be the metric owners. You also want to identify a very senior level champion for your metrics, so that when it comes time to talk about budgeting and program management resource needs, then again, you have an advocate that's sitting at the table to represent your equities.

When we talk about metrics and we talk about standards, policies, and procedures, some of the things you might want to measure are access, accountability, review and approval process, quantity, quality, assessment principles, code of conduct, updates, understanding, compliance plan, confidentiality statements, enforcement.

When we talk about compliance program administration, some of the things that we might want to measure are the activities of the board of directors, the compliance of budget, compliance committees, accountability, compliance officer, his or her activities, staffing. Whether you have enough staffing, is it achieving the desired outcomes? Your compliance plan, do you have it? Do you have a compliance plan process? The culture: how well is the culture embracing privacy compliance? Incentives, performance evaluations, risk assessments: are they effective? Compliance work plan, the legal counsel's role, ensuring that the legal counsel is participating.

When we look at Element 3, screening and evaluation of employees, physicians, vendors, and other agents, some of the things we want to measure are accountability for screening, using audits to ensure that again, we're screening individuals to ensure that they are competent to perform those functions. Look at any conflicts of interest. Employee accountability: look at how employees are screened. Exit interviews: use those so you get insights into the perspectives of employees. Response to screening, looking at your vendors. How do you screen your vendors?

When you get to Element 4, communication, education and training on compliance issues, some of those things you want to measure are your training program: is it effective? You want to look at accountability. Now are you using incentives to entice individuals to perform their functions? Is this done in compliance with applicable regulations, laws? How aware employees are of privacy and compliance. The role of the board of directors. How competent employees are, assess the culture, and look at your vendors and volunteers.

When we get to Element 5, we're talking about monitoring, auditing, and internal reporting systems. Some of those things that you might want to measure are: how accessible is the reporting system? Use interviews and surveys to ensure that your employees and managers understand the purpose of the reporting system and if they can access it. Now looking at risk assessments, do we have a documented enterprise-wide risk assessment process? Is it effective? Monitoring audit work plans. Look at your audit process. What about corrective action plans? Audit the auditors, look for cases of retaliation.

When we get to Element 6, discipline for non-compliance, you want to ensure that you have consistency as it applies to disciplinary processes. Make sure that you're using surveys and other tools to assess again, compliance responsibilities for disciplinary action. Look at documentation, look at your promotion criteria.

Finally, when we get to Element 7, investigations and remedial measures, some of the things that you want to measure are: what are those guidelines for conducting investigations? Where is the content that you have in your investigation files? What's the quality and consistency of your investigations? How do you track trending investigations? Escalation of investigations, communication of investigation outcomes, training of investigators, professionalism and competency of investigators, the involvement of legal counsel, timeliness of response, corrective action plans, and remedial measures to address them. Those are some of the things that you want to consider when looking at some of these privacy compliance metrics.

Question 1 asks, which compliance program element best addresses an organization's external and internal practices? The appropriate answer is A. When you look at two, which compliance program element best addresses an organization's investigatory practices? D would be the appropriate answer. Three asks, which of the program elements best addresses consequences of non-compliance? The appropriate answer is C.

In summary, companies, organizations and institutions must have detector privacy programs in place that really assess compliance. A healthcare privacy compliance program can benefit from using those seven program elements that we discussed. Also, it's extremely important to develop metrics that assess the efficacy of those seven program elements.