January 28th is Data Privacy Day.  Given that privacy is the bedrock on which successful health care delivery is built, I would like to mark the occasion with a few thoughts for our health care industry clients and friends:   

HIPAA is big, but privacy is bigger.  Health care providers and others in the health care industry must take a broad view of any privacy issue and remember that HIPAA is only part of any privacy law analysis.  Individual states have privacy laws that are often more stringent than HIPAA and that must be considered along with HIPAA.  

Privacy is good for business.  Conversely, lack of privacy can result in significant reputational and economic harm.  State and federal breach notification laws are designed to make failures embarrassing and public.  The Office for Civil Rights’ breach notification summary is called the “Wall of Shame” for a reason.  Stay off it!   

No privacy program can eliminate human error, but education can help.  People make mistakes, and even the government acknowledges that perfect compliance with laws like HIPAA is not possible.  Education is the only way to minimize the risk of human error as well as the risk of malicious or deliberate misuse of health or other personal information by workforce members.

There is no privacy without security.  Rigorous administrative, physical and technical security measures are mandatory for ensuring the ongoing privacy of health and personal information.