Posts tagged Compliance
HIPAA Compliance Beyond the Edge Requires a New Approach

By Ruby Raley, Director of Healthcare Solutions, Axway

If you’re like many who work in health IT infrastructure, you’re probably scrambling to create patient portals for providers and modern gateways for health plans. You’re probably getting feedback about how the providers’ and health plans’ users are fed up with juggling multiple logins across various devices and platforms. And you’re probably realizing that what their users really want is an integrated experience not unlike the one they enjoy in their personal lives, where their Facebook, Twitter, or Google credentials double as federated identities across countless third-party websites.

To manage the edge of your enterprise and the complexity that’s sure to result from satisfying these demands, you should strive to keep the following three items top-of-mind.

  1. Identity management: Loading thousands of users into a credentialing system, just to deliver an application, is a considerable nuisance nowadays. Instead, grant users access by using the credentials they’ve established elsewhere. This is called federation, and a prime example is the way customer-relationship-management companies enable their users to move freely between the companies’ cloud applications and the users’ own internal applications. Health plans can emulate this template by offering claims teams federated identities across ASP sites, thereby reducing challenges, workloads, risks, and costs while enabling a solid, world-class user experience for everyone involved.
  1. Mobile and cloud application integration: A routine patient activity like appointment scheduling can become hopelessly complicated if your enterprise application can’t answer the patient’s request in a format their mobile device can accept. To avoid this, you need to convert that appointment into a text stream the device can handle, and ensure your organization’s gateway can talk to (1) cloud structures that use lightweight, web-based messages that don’t require long sessions, and (2) mobile devices that use compact, stateless APIs (i.e., APIs that have no information about what occurred previously).
  1. Compliance: The ability to prevent unauthorized personnel from looking up individual patient information (e.g., inhibiting searches for celebrities, persons of interest in a criminal case, etc.) is valuable. To establish it, you need to build a policy structure that lives at the front door of your organization, ensures that data is properly redacted, and guarantees that — whether accessed via a mobile account or an enterprise login — roles and rights are managed consistently. That front door must be easy to manage, update, and inspect; align and normalize your activities with your compliance mandates and strategies; and keep your organization agile. Also, the tools used to monitor this activity should be visual so that:
    • Your teams can easily recognize the values of specific messages.
    • Your teams can readily confirm that they’ve implemented policy correctly.
    • A compliance officer can monitor your teams’ actions (a difficult prospect if the policy is embedded in XML statements!)

The users’ patience has been tried long enough juggling multiple logins across various devices and platforms simply won’t do. Instead, resolve to give users the integrated experience they’ve come to understand and appreciate in their personal lives. Take measures to federate their identities so they don’t have to worry about credentials. Accommodate the devices they prefer to use when interacting with your enterprise. Tighten your policy structure to protect their privacy and comply with regulations robustly. And finally and perhaps most importantly – rest assured that, once you take these measures, the daily challenges your organization will inevitably face will be unavoidable matters in the natural course of business, rather than avoidable matters that are the result of your own inaction.

The Top Five Healthcare Compliance Risks

I recently posted on CorporateComplianceInsights.com. Please take a look and share your thoughts!

With the raft of healthcare legislation coming online in 2013 and beyond, a host of serious compliance risks are appearing on the horizon. Here are the top five that all healthcare organizations need to recognize immediately and take decisive action to safeguard against.