OCR to Focus on Risk Mitigation, Who's In Charge?
We always talk about compliance being a process, an ongoing process. Certainly systematic reduction in risk requires a process. Policies and procedures define your business process and provide the basis for training your staff.
Assignment of responsibilities is also critical. As the saying goes if no one person is in charge no one is in charge.
Witness this exchange between the Coast Guard and Curt R. Kuchta, the Deepwater Horizon rig’s captain, when asked how the crew knew who was in charge.
“It’s pretty well understood amongst the crew who’s in charge,” he said.
“How do they know that?” a Coast Guard investigator asked.
“I guess, I don’t know,” Captain Kuchta said. “But it’s pretty well — everyone knows.”
Apparently they didn't. In the world of risk mitigation you need a Privacy and Security Officer who is in charge, documented policies and procedures, training of staff and an ongoing maintenance program to monitor performance. Anything short of this and your rig could blow up and sink to the bottom of the ocean.
Subscribe via RSSCategories
- HIPAA HITECH Act
- HIPAA Covered Entity
- HIPAA Business Associates
- Health Information Privacy
- HIPAA Compliance Online Software
- HIPAA Compliant Checklist
Recent Blog Posts
- Business Associates Need HIPAA HITECH Compliant Policies and Procedures, Now/1
- Minnesota Attorney General Sues Business Associate for HIPAA HITECH Data Breach
- HIPAA HITECH Data Breach Costs Small Business Associate $300,000
- HIPAA HITECH Rules De Facto Standard?
- HIPAA HITECH Data Breach: $1000 Per Patient?
- Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule
- more from the blog
