The economic improvements that have taken place in the past few years have led to rapid expansions of major organizations, with business sales and acquisitions growing at a healthy pace. While this is certainly good news for the overall financial situation in the United States, mergers and acquisitions can pose unique security and compliance complications when the data in each of the conjoining organizations is regarded as sensitive.
The first category of data that falls into this type of discussion is patient information and records, which is among the most protected and sensitive classifications because of the immense dangers that come along with exposure. Business leaders must ensure that they are following the guidelines of the Health Information Portability and Accountability Act when expanding their operations and diversifying data-related strategies.
Combining diverse practices
HealthITSecurity recently reported that risk management has become more complex for certain medical organizations, particularly for Atlantic Health System, a nonprofit, New Jersey-based organization that has acquired several different entities in the past year. Because of how quickly this system has obtained other physician practices, it has had to become more aggressive in its initial and long-term audits of new entrants to its organization.
"From a hospital perspective, we've been doing information security risk assessments since 2004 - third-party, outside - that includes penetration testing and all kinds of things," Atlantic Health System Vice President and CIO Linda Reed, MSN, RN, MBA, told the source. "A couple years after that, we started performing annual HIPAA assessments in which we run through what would happen if a HIPAA auditor came in. A few years ago, we extended this process to the physician practices because as we acquired more and more of them we had to make sure that they could also pass."
According to the news provider, Atlantic Health System has also taken steps to ensure that privacy protection and data security are customized to the needs of each of its subsidiaries.
Encrypted email, as well as other protective standards and practices, should always be included in the data and communications security strategies an organization follows. This approach is especially important in the modern era with so many core systems and information being held in digital environments.
By partnering with a reliable provider of HIPAA-approved email and other communications security products, health care organizations can proactively reduce their risk of sustaining a breach.