The Invisible Impact of Credentialing - Part TwoMake Sure All Data is Protected – Not Just PHI.
The Invisible Impact of Credentialing - Part Two
Make Sure All Data is Protected – Not Just PHI.
More than two decades ago, the Health Insurance Portability and Accountability Act (HIPAA) was signed into law. One of its most signiﬁcant provisions was to create a standard method of protecting patient data, regardless of where it resides. In 2000 additional safeguards were put in place and Protected Health Information (PHI) became the responsibility of everyone in the healthcare sector. As a result, compliance programs and business associate agreements were created and rolled out to ensure anyone who could be exposed to PHI respected its discreet characteristics and would take necessary steps to protect patient privacy.
While a tremendous amount of work has been done to ensure data security in the healthcare industry, there is still much more to be done. As news of data breaches top headlines, hospitals and other healthcare organizations are stepping up their data security efforts. IT staff are working diligently to ensure EHR systems, accounting systems, and other patient-related software systems are secure. Meanwhile, with the focus primarily on patient information, one-off areas like credentialing and enrollment are being overlooked which is putting many providers sensitive information at risk.
Because provider data is not PHI, it is not subjected to the rigorous protection standards demanded by HIPAA. While many organizations have internal compliance programs designed to shield employees, vendors, and providers from unexpected data breaches, provider data is all too commonly found on loosely protected Excel spreadsheets, Word documents, and in unsecured email
SECURE CREDENTIALING & PROVIDER DATA
CENTRALIZE ALL CREDENTIALING DATA Eliminate paper documentation and one-off locations for storing provider data. Provider credentialing and enrollment data should be stored in a protected central repository and made available only to individuals with a need to access it.
CONTROL DATA ACCESS Ensure policies and procedures are put in place for storing, accessing and sharing provider data. Policies should be detailed and require hard passwords to access any provider data and prohibit users from sharing log in ID’s or passwords.
BACK UP YOUR DATA Take steps to ensure that provider credentialing data is included as part of your organization’s data compliance and disaster recovery programs. Co-location backups and off-site storage are sound processes to protect against data loss.
MONITOR DATA ACCESS AND USAGE Make sure all transmission of provider data is secure. This may mean using a secure portal instead of email to transmit information to plans. IT audit trails should be implemented to track the “who, what, when, and where” each time data is accessed.
Evaluate your healthcare contract management program with these KPIs.How can you measure your healthcare organization’s contract management performance? Contracts directly impact revenue and prevent...
More than 2 million children living in the U.S. have rare or complex illnesses requiring specialized medical care that is available only at a limited number of pediatric healthcare organizations....
The COVID-19 pandemic has created the greatest financial crisis in history for healthcare organizations. A report from the American Hospital Association (AHA) estimates a total impact of...
Our Solutions Automate and Streamline Your Provider Management Processes.
Learn how our integrated MediTract CLM, Provider Onboarding, and Physician Analytics capabilities deliver measurable results to your healthcare organization.