Convention Q&A: Managing the Wake of a Breach
The 2014 AHIMA convention session, “Whoops! We Have a Breach: What Do We Do Now?” on Monday, September 29 at 4:30 p.m. will break down the 2014 AHIMA Break Toolkit and how to incorporate its guidance within an organization. Session presenters Susan Lucci, RHIA, CHDS, ADHI-F of Just Associates, Inc., in Parker, CO, and Mary Poulson, RHIT, MA, CHC, CHPC, of MEDNAX, in Sunrise, FL, recently spoke with Journal staff to give a preview of their session.
What are you hoping members will take away from your session?
Lucci: Experiencing a breach can be a very traumatic experience for any organization. Even the best of facilities with excellent compliance strategies in place can have a breach. Our goal in presenting a session on this topic is to help ensure that if there is a breach, our member professionals know there is a resource out there to help them through this—whether the very first time or if it has happened before.
Poulson: We also hope that members will understand that they are not alone in experiencing a breach, that they do not need to re-invent the wheel, and that the AHIMA Breach Management Toolkit is truly a roadmap that will help ensure that no critical steps are missed.
What should HIM professionals be focusing on now to ensure HIPAA compliance?
Poulson: With regards to breaches, continued education and workforce training to report breaches promptly continues to be at the top of the list. Also, HIM professionals should have updated their policies, procedures, and processes in accordance with the changes to the final privacy rule.
Lucci: We already know that there are a few critical “hot buttons” that the Office for Civil Rights will be looking for in the next round of audits. From a global privacy perspective, items like the security risk analyses on all assets including biomedical devices are sure to be a target, as well as having met the September 2014 deadline of updating all business associate agreements. We believe that the business associate relationship will be under the microscope. These are just a few areas where HIM professionals should be well-prepared.
What takeaways from the 2014 AHIMA Breach Toolkit will your session address?
Lucci: Attendees will be able to take back real-world strategies and processes to their organizations. The forms and processes come from experienced professionals that are in roles where these practices have been found to work well. Certainly, no one wants to experience a breach, but if/when you do, knowing what to do and in what order will help to alleviate stress and take the unknowns out of the picture in order to mitigate the issue, and move forward with confidence.
How can attendees start incorporating the lessons from the toolkit in their organization right away?
Lucci: AHIMA members can download the toolkit from the AHIMA website today, read through it, and if they have any questions send to the any of the presenters or bring it to the next Privacy and Security or Compliance meeting for discussion and review. Having familiarity with the toolkit is a good way to be prepared before it is needed.
Poulson: Not only will we review pertinent sections of the Toolkit during this session, but we will discuss recent breaches that have occurred and break them down and provide valuable insight on how attendees can ensure that these types of breaches do not occur in their own organizations. There will also be time for questions and sharing of information from attendees who may have experienced their own breaches and how they worked through them.