Maturing an Information Technology Privacy Program: Assessment, Improvement, and Change Leadership

Maturing an Information Technology Privacy Program: Assessment, Improvement, and Change Leadership

Mike Gregory (Community Healthcare System, USA) and Cynthia Roberts (School of Business and Economics, Indiana University Northwest, USA)
Copyright: © 2020 |Pages: 19
DOI: 10.4018/978-1-7998-2949-2.ch006


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was initially enacted as an administrative simplification to standardize electronic transmission of common administrative and financial transactions. The program also calls for implementation specifications regarding privacy and security standards to protect the confidentiality and integrity of individually identifiable health information or protected health information. The Affordable Care Act further expanded many of the protective provisions set forth by HIPAA. Since its implementation, healthcare organizations around the nation have invested billions of dollars and have cycled through numerous program attempts aimed at meeting these standards. This chapter reviews the process taken by one organization to review the privacy policy in place utilizing a maturity model, identify deficiencies, and lead change in order to heighten the maturity of the system. The authors conclude with reflection related to effectiveness of the process as well as implications for practice.
Chapter Preview

Background: Privacy Protection And The Human Factor

As a HIPAA mandate, covered entities are required to perform an annual risk assessment of all administrative, physical, and technical safeguards to identify gaps in privacy and select appropriate remediation plans for each of the environments. Most companies spend millions of dollars a year in acquiring and/or implementing technology strategies not only to comply with HIPAA regulations but to meet or exceed best industry practices. The stakes are heightened whenever a regulatory body imposes fines for the willful neglect to implement or otherwise exercise all plausible means to protect against the unauthorized use of protected health information.

Key Terms in this Chapter

Maturity Model: A business tool that facilitates change or improvement by providing a framework based on certain performance parameters designed to assess the current capabilities of an organization as well as provide a path for improvement.

Predictive Analytics: A process for analyzing data in a manner that seeks to predict a likely future scenario or outcome. It can be used to improve decision making, mitigate risk, improve operations, and identify best practices.

Privacy Monitoring Software: Technology designed to detect privacy breach events due to unauthorized access of patient records.

HIPAA: Health Insurance Portability and Accountability Act of 1996, a federal law in the United States that provides rules and regulations for health care providers and health insurance in order to ensure the privacy of personal health information.

Change Leadership: A comprehensive and systematic process designed to strategically introduce and implement large scale organizational change in a manner that ensures the changes will take hold.

Complete Chapter List

Search this Book: