Co-written by CompliancePro’s Managing Director, Kelly McLendon, this comprehensive article for the Journal of AHIMA examines how other countries face the growing threats to the privacy and security of personal information, and how those approaches relate to US laws.
Excerpt from the article
The COVID-19 public health emergency has forced privacy and security professionals in healthcare to adapt to new realities and practices for the indefinite future.
Tasks such as implementing evolving guidance from regulators like the Office for Civil Rights (OCR) and applying enforcement waivers to rules like HIPAA and SAMHSA 42 CFR part 2 substance abuse rules (Part 2); safeguarding protected health information (PHI) from external sources, like contact tracing and epidemiological reporting; and safely scaling up alternative care technologies like telehealth have been added to the already-full plates of privacy and security professionals.
All the while, bad actors continue to probe for vulnerabilities in the digital ecosystems of hospitals and health systems. Vigilance and the need for effective cybersecurity controls have only increased with the disruption wrought by the pandemic.
Privacy and Security—Better Together
It won’t be a surprise to anyone in healthcare that our industry is the most vulnerable to cyberattacks. Medical and patient records are brimming with detailed and highly sensitive information, making them lucrative targets for digital criminals, according to Ernst & Young.
Greater investment in cybersecurity technology, training, and strategy is certainly warranted. However, cybersecurity is only part of the protection that must be afforded to all personal information. Healthcare also needs to increase the time and budgets associated with privacy compliance, which historically have been low compared to security, but will only increase in visibility and importance as cyberthreats grow more numerous and sophisticated.