Security Advice for Smaller Providers

Online Toolkit Offers Insights for Small Hospitals, Clinics
Security Advice for Smaller Providers
Smaller hospitals and clinics have a new resource to use as they develop information security and privacy strategies.

The Healthcare Information and Management Systems Society and the Medical Group Management Association joined forces to create the free Privacy and Security Toolkit for Small Providers.

One of the biggest challenges smaller hospitals and clinics face when tackling information privacy and security issues is a lack of knowledge and resources, says Lisa Gallagher, senior director of privacy and security at HIMSS, an association for IT executives. "They don't have a deep background on the topic," she says. The toolkit is designed as a starting point to give them an overview of key issues, including HIPAA and HITECH Act compliance, she adds.

Security a Challenging Issue

Robert Tennant, senior policy adviser at MGMA, an association of clinic administrators, says, "We have found in talking to our members that security has proven to be a challenge for group practices."

Many clinics are unfamiliar with security nomenclature, such as encryption and authentication and are unprepared to meet the breach notification requirements of the HITECH Act, Tennant says.

Clinics applying for the HITECH Act's electronic health record incentive program must conduct a risk analysis and take action to mitigate any risks identified, he notes. "I believe that's going to be a tremendous challenge for practices trying to achieve meaningful use of EHRs," he adds.

"A practice can go out and hire a lawyer or consultant to navigate this very rough water, or you can use the toolkit to familiarize yourself with the issues," Tennant says. "The kit can help you to conduct a risk analysis or to have a better idea of what help you need to get from a security professional."

The online resource will evolve in the months to come, adding information on new regulations, whitepapers, case studies and interactive forums. Ultimately, it will become a subset of HIMSS' broader privacy and security toolkit designed for larger organizations, Gallagher says. That kit soon will be revamped to use a dashboard model.


About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.