Implementing a framework can be useful, but it requires resources – and healthcare organizations may face challenges gaining consensus over which ones to deploy, said a compliance expert ahead of HIMSS22.
As the landscape of data privacy rules and risks continues to change and evolve, organizations may consider using a privacy framework to assist in implementing, measuring, and improving their privacy programs.
The NIST Privacy Framework, modeled after the NIST Cybersecurity Framework, contains core functions and controls that can help an organization identify and manage risks to the privacy of data, regardless of the size of the organization, jurisdiction or type of data maintained by the organization.
Although use of a framework is not a substitute for health care organizations' compliance obligations under the HIPAA Rules, use of the NIST Privacy Framework is a good place for organizations to begin reviewing data holistically instead of as segments (e.g. health information, employee information, etc.).
Andrew Mahler, Director of Privacy, Compliance, and Managed Services at CynergisTek, discusses the growing number of challenges healthcare organizations face related to protecting the privacy of data and ensuring certain rights of patients, members, and consumers.