5 hours 25 minutes
Hello again and welcome to the H C I s P p certification course with Sai Buri, our party risk management.
My name is Charlene Hutchins.
we're gonna talk about Primary Entity,
as we've discussed throughout this course, healthcare involves a variety of stakeholders, each of whom has a responsibility to safeguard the sensitive data
that it's entrusted to it.
If you will recall from earlier in the course the entity that has direct relationship with the patient
is referred to as the primary entity
that could be a doctor.
Ah, hospital, a pharmacy or health insurance company, or payer
any entity in which the primary entity's sources a function or multiple functions is considered a third party vendor.
The expectation for the third party vendors who create
access, store or process health information is that they must protect the information at the same level or greater than the primary entity.
That this does not absolve the primary entity of any responsibility for due diligence.
Vendors and healthcare space can be as varied as a company that performs hardware destruction toe one that handles medical claims, processing, billing or collections
just a zone. Other industries bender Arrangements can vary, and each of them comes with a certain level of risk,
such as the location of the services
either on site at the primary entities facility. For example, nurses provided by a temporary agency
offsite at the third Party vendors facility
or within the primary entities country
or in a foreign country often referred to as offshore
or the service offerings.
Business process outsourcing, for example, medical transcription services
or information technology outsourcing, for example, systems development and maintenance
or even cloud services such as Softwares of service
infrastructure as a service
and platform, as a service
has mentioned previously. Because sharing information is vital to ensuring that healthcare delivery provides for the needs of the individual,
security and privacy of healthcare data poses some unique challenges.
For example, the government of a health insurer, or payer, requires information to be able to pay for the delivery of care.
Providers must be capable of securely sharing patient information.
Coordination among providers is required to give individuals the appropriate appropriate level of care.
Although the data needs to be protected, care depends on some level of openness to the data to be efficient and effective
at each step along the healthcare continuum. There are risks that must be anticipated and medicated.
When third parties air added to the mix, additional risk is introduced.
It is precisely that risk which the Hcs PP professional can help toe identify, communicate and manage
the accountability for protection of health information ultimately lies with the primary entity. However, regulators air become more aware of the risks posed by downstream vendors. There are countless examples in the media of vendors who have caused data leakage or data breaches.
It's important for a primary entity to ensure that its third party vendors understand the laws and regulations to which the entity is held and to which compliance is expected of the vendor
bills. Regulations vary by country, state or province.
Many regulations imposed harsher penalties if there is negligence. So it's important to keep a close watch over issues identified at a vendor to ensure their corrected in an appropriate and timely manner.
The organization that collected the Ph I original is responsible for it even after it passed on to a third party
time for a knowledge check.
Third parties can
either a introduce additional risk to an organization, if not properly assessed and monitored. Or be
alleviate. An organization of responsibility during the protected Health Information Breach,
or C not outsource processing, storage or transmission of sensitive pH. I, regardless of contract requirements
Onley operating countries where the original party resigns,
which is the best answer.
Did you get a
third? Parties can introduce additional risk.
So in summary, we talked about
third parties and accountability. See you in the next video.