Products and Technology
security training and healthcare informa- tion security training, can be purchased relatively cheaply from several vendors on the market today.
Then from the system side, be very care- ful in your vendor selection. Select vendors with strong security programs. If you’re a small provider you’re probably relying on outsourced IT or virtual CIO services — and that’s great; that’s a good option for smaller HMEs — but ensure that your virtual CIO team has that strengthened cyber security, as you’re dependent on them.
HMEB: Organizationally are there things that providers need to do with their staff?
Dennany: I’m going to hit that same drum again, but training employees regularly. But also create a culture where questions are allowed and encouraged if they see something unusual. Remember, caring for patient data is another aspect of patient care, and your reputation as a provider can really depend on how well you carry out this critical task.
HMEB: I would imagine that today’s ac- creditation standards for providers that
are Medicare suppliers, includes not only HIPAA compliance, but good data handling procedures, as well.
Dennany: Absolutely. And part of this that people miss sometimes is from an audit perspective. It’s not just having a process or a documented process, but make sure you do what you’re saying what you’re going to do. The number one audit failure that we see is failure to follow your own policy.
HMEB: That’s pretty eye-opening right there. Are there other key pitfalls that providers often fall into?
Dennany: Completion of documentation is always something that I think gets a lot of focus, but it doesn’t get as much focus as following your own policy.
HMEB: Is the trend towards e-prescrip- tion helping to reinforce data security? Or are there other procedures that providers need to integrate on top of that to ensure secure e-prescription? Dennany: I think anywhere you can automate the workflow is going to have a security benefit to it. And e-prescription
is a great example of that. It reduces the human touch on data and reduces the
likelihood of data leak due to human error. So I think it’s a really positive area to uplift both from better referral source relations, but also from a security profile perspective.
HMEB: I would imagine any sort of push towards interoperability and stan- dardized data sharing probably has a lot of security baked into it.
Dennany: It does. These systems are designed up front with security in mind. And so it takes it out of the human error aspect of what we’ve been talking about and into a system security, which has a lot of concentration in that space.
HMEB: If you had to give any bottom line advice to HME providers out there who might not have emphasized data security as much as they should, what would you tell them?
Dennany: Absolutely find the right part- ner in this, right? You can’t hit this journey by yourself. Even Brightree, at our scale, we pay a lot of attention to who we’re picking to help us protect PHI in this data. That’s a really key aspect of any informa- tion security strategy.
12 HMEBusiness | July/August 2021 | hme-business.com Untitled-17 1
Management Solutions | Technology | Products
7/30/21 12:29 PM