Page 5 - SFHN1218pagesFINALSP.qxp_Page layout
P. 5
Maximizing Technology in Compliance
Within a few minutes, however, I can pro- the technology and build in structures to In response, my firm developed a tool we
vide the “magic” solution – complete com- ensure that humans are checking it, doing offer to clients that combines an IT assess-
pliance at no cost. How? They were not the tasks technology cannot address and ment platform (to review a client’s security
subject to the law in the first place. They occasionally taking a step back to rethink as well as HIPAA compliance) with behind-
got so lost in the details, they forgot to ask whether the entire process makes sense. the-scenes document management in order
BY ROY WYMAN the basic question. For example, acquiring logging software to to reduce the cost and the time required to
This may be a tendency that we can all track use of an IT system can increase risk comply with HIPAA. Our clients have
A compliance department’s relationship see in ourselves – when first facing a prob- if no human actually looks at the logs gen- found that the new tool consolidates sever-
with technology can be a bit, well, compli- lem, we recognize the bigger issues and erated. al steps (risk assessment, policy and docu-
cated. Every compliance department faces plan to address them, but once we start dig- ment generation and risk management),
headaches caused by technology imple- ging into the details, we forget the context. Some Potential Solutions simplifies the process and significantly
mented or used inappropriately, and trust- It is like spending hours learning how to The flip side of getting lost in new toys is reduces costs. This solution is not depend-
ing technology to help resolve those prob- use a new smartphone only to realize it to overlook the potential for relatively sim- ent on cutting-edge technology, but uses
lems can feel a bit naïve. Yet, listening to can’t make a call. ple technology to solve complex issues. For current technologies in novel and elegant
some sales pitches could make a person Looking at an example specific to com- example, I have had more than one client- ways to meet particular needs.
think that one magical purchase can pliance, Governance, Risk Management vendor decide to stop providing services to
resolve every issue. and Compliance (GRC) software can pro- health care organizations. Why? Too many Making IT All Fit
Given this tension, the best approach vide an amazing tool for compliance offi- regulatory issues that are too expensive to Compliance departments can face over-
seems to be one that considers what com- cers to integrate and manage IT operations. address – particularly involving HIPAA. whelming challenges from technology:
pliance actually does, finds what works for By tracking policies and activities of an Full compliance with HIPAA requires not Either it is creating risks or is offering an
those activities, and doesn’t forget the risks entity, GRC helps meet regulatory require- just privacy policies, but also a full IT risk overwhelming array of options. Each new
that new technology can create. ments. Of course, GRC has limits: assessment, risk management process and tool provides a temptation to overreact, get
• It is only as good as the risks and activ- IT security program. A small company pro- lost in the details or crawl under the near-
The Proper Role for Technology ities identified and tracked; viding simple services that involve health est blanket and hope it goes away. In the
“We cannot solve our problems with the • GRC can give a false sense of security if information (e.g., a mailing service sending end, however, by remembering the big
same level of thinking that created them.” - not used regularly and well; and out patient letters) is required to meet most issues, keeping humans in charge and
Albert Einstein • It does not replace policies and train- of the same requirements as a larger organ- applying a bit of creativity, a savvy compli-
On a regular basis, I receive calls from ing, etc. ization, no matter how “scalable” the secu- ance department can find and utilize the
very concerned clients who fear that they These limitations create risks that seem rity rules may be. The cost for a full risk right tools for the enterprise.
are not complying with particular laws. obvious at first, but can be forgotten as assessment from a consultant, plus hiring a
These folks have dug deeply, researched, soon as we take the bow off the software lawyer to create policies and procedures to Roy Wyman is a partner of Nelson Mullins
and found more than a few requirements of and get lost in the details of how the thing address risks and comply with HIPAA, not Riley & Scarborough LLP in Nashville and is a
HIPAA, The Gramm-Leach-Bliley Act works. to mention the training of workforce mem- member of the healthcare regulatory and
(GLBA), anti-kickback statutes or some Before implementing any technology, a bers, can be tens to hundreds-of-thousands transactional team. He can be reached at
other regulation that they are not meeting. company should keep in mind the limits of of dollars. roy.wyman@nelsonmullins.com
or (615) 664-5362.
Six Award Winning Not-for-Profit
Rehabilitation and Skilled Nursing CCenters
Conveniently Located Throughout Miami-Dade.
• Interdisciplinary Restorative Arch Plaza
North
in
Caree Plans Located Miami, minutes from
Bal Harbour, r, Bay Harbor and Surfside
• Advvanced Practice Registered 305.891.1710 |
archplaza.org
Nursses (APRNs) for Immediate
OOn-SSite Evaluation of Changes A Avventura Plaza
P n t r a n i r e n g h t i w h t e in Paatient Condition Conveniently located for Aventura
• Adv ed TTeelemedicine and North Miami Beach
dvanc
S o h t u l F ro d i a H e h t l a C era annd TTeelemetry 305.917.1800 |
aventuraplaza.org
House & Bedside Dialysis
C o m m un d i v e • In-H Jackson Plaza
n yti
orPot
•
A
vanced Respiratory ddv
C era
h t e B t s e i n S u - b A c e t u C Thhe rapy Programs In the heart of the Miami Health District
• Sppe cialized Care Programs for 305.347.3380 |
jacksonplaza.org
Tr nsplant & LLVVAAD Patientsan V
r
• E Ennh anced Rehabilitation to Ponce Plaza
Immp rove Patient Outcomes
Serving Miami, Coral Gables
• O Out patient Therapy and and South Miami
ponceplaza.org
uatherapy (available at
A wa d Winar n i n g R e habilitati o n killedS N ursi n g C e nter s AAqu 305.545.6695 |
&
versity Plaza)
UUnivUUniv
Sinai Plaza
We a
accept Private Pay,
R :E
L E A R N OM R Medi care, HMOs, and most Convenient to Miami Shores and North Miami
sinaiplaza.org
7 40.
C l l a 03 9 . 5 17 0 0 priva 305.899.4700 |
ate insurance plans and
a l p z a h e t l a h ro. g Medi caid care programs
University Plaza
a Health Network is a
Plaza
In the heart of the Miami Health District
Not-f for-profit 501(C) (3) 305.325.2300 |
university-plaza.org
South Florida Hospital News southfloridahospitalnews.com December 2018 5
