Avatier Corp., a leader in risk-driven identity management software, advises healthcare providers to leverage identity and access management best practices before digitizing medical records to avoid risk in its blog, "Dare to Go Digital: Automating HIPAA HITECH Compliance." In following this advice, healthcare providers under constant budget pressure will save time and money, reduce critical IT time, while ensuring HIPAA privacy statutes and HIPAA HITECH information technology audit requirements are met.
"While digitizing medical records is necessary to provide improved patient care, streamline operations and reduce costs, it also puts the healthcare provider at risk for a security breach. With today's binding HIPAA statutes around patient privacy, any breach can spell real trouble," said Nelson Cicchitto, chairman and CEO of Avatier. "By following identity management best practices -- which include automating user provisioning protocols -- healthcare providers are better able to meet their regulatory mandates and keep private information from getting into the wrong hands." As in any industry, government and competitive bottom-line pressures force healthcare organizations to put greater focus on cutting costs and generally doing more with less.
Digitizing medical records is one way to cut costs, but it also introduces privacy risks, which are closely monitored through rigorous HIPAA compliance regulations. To be effective, identity and access management programs must be automated from end-to-end. "A truly automated solution isn't one that provides partial automation only to end up generating help desk tickets that still need manual attention," Cicchitto adds.
He also points out that automating identity management and access provisioning should begin with role-based system access. The system should automatically update permissions based on a business user's new position when their role changes. And automated access provisioning should be a centralized repository for a clean and clear identity IT audit trail. With the right tools in place, user access certification and verification audits that used to take days can be completed within hours without taxing IT staff. In an environment where HIPAA PHI compliance audits are stringent and frequent, simplified access certifications save approver aggravation and valuable time, thus allowing decision-makers to focus on more important healthcare-related activities.