- Potential cyberattacks and other cybersecurity threats will help keep healthcare data privacy and security main concerns going into 2018, according to recent AHIMA predictions.
In total, AHIMA members listed eight key focus areas. Privacy and security was cited as the one that HIM professionals would most want to be able to accurately predict.
“I think that HIM professionals need to get more experience and education in cybersecurity,” AHIMA Vice President of Information Governance, Informatics, and Standards Katherine Downing, MA, RHIA, CHPS, PMP, CPHI said. “They need to be at the table. They need to lead business continuity and disaster recovery discussions for cyber situations—such as ransomware and denial of service (DOS) attacks.”
AHIMA Senior Director of Federal Relations Lauren Riplinger, JD added that HIM professionals should also keep an eye out for potential OCR updates that may impact privacy and security.
For example, the agency may issue additional “minimum necessary” requirements and release an advance notice of proposed rulemaking (ANPRM) on accounting for disclosures.
The 21st Century Cures Act will also likely have privacy and security implications in 2018, as OCR may release guidance related to mental health information as mandated by the Act. Furthermore, the Act calls for further guidance on data sharing for research purposes.
OCR may also release notice of proposed rulemaking on the penalty sharing provision of the HITECH Act (i.e., the distribution of a civil penalty or monetary settlement to an individual harmed by a breach), according to Riplinger.
“We may also see something come out of OCR under an administration-wide strategy to institute ‘regulatory reform.’ What this may or may not look like from OCR is currently unclear,” Riplinger stated.
Implications from the 21st Century Cures Act also tie into another of the top eight focal points AHIMA listed: rules and regulations. Specifically, the legislation could affect ONC’s current definition of “information blocking.”
“The way the definition is written will have an impact on a large portion of electronic health record (EHR) users,” AHIMA stated. “The 21st Century Cures Act requires ONC to define information blocking so the Office of Inspector General can start enforcing against the practice—issuing up to a $1 million fine, per occurrence, for providers who purposely hinder the exchange of health information.”
Both ONC and CMS will need to address the burden of time physicians spend on EHR documentation, AHIMA noted.
The other top areas to watch in 2018 included the following:
- Data analytics
- Information governance
- Education and workforce
- Clinical documentation improvement
- Inpatient and outpatient coding
AHIMA Vice President of Academic and Certification Services Desla Mancilla, DHA, RHIA, explained in the organization’s predictions piece that upskilling existing practitioners for more advanced roles in data analytics and informatics will be a top workforce priority this year.
Preparing academic faculty to teach higher-level content in data analytics and revising curriculum to ensure students are prepared to meet workplace needs will also be essential.
Having a strong healthcare cybersecurity workforce and ensuring that all staff members are properly educated on data security measures is often touted as a key issue for providers.
The 2017 Level 3 Healthcare Security Study conducted by HIMSS Analytics found that 80 percent of health IT executives and professionals believe employee security awareness is their greatest healthcare data security concern.
Respondents also cited employee awareness and training as a top security program barrier.
HIMSS Director of Privacy and Security Lee Kim explained in an October 2017 blog post that healthcare cybersecurity education must occur at all levels, for all varying degrees of cybersecurity comprehension.
“More people are interested in learning about healthcare cybersecurity (and cybersecurity generally),” Kim wrote. “However, I have also found that the ‘depth’ to which they want to learn may vary. Getting too technical with jargon may lose many people. Cybersecurity information (and education) must be communicated in a way in which anyone can understand it.”
Healthcare organizations must remain vigilant with their cybersecurity measures. Having a comprehensive and current workforce training program will be a key piece to ensuring privacy and security going forward.