The U.S. Coast Guard has made progress in developing a culture of privacy, but still faces challenges because it lacks a strong organizational approach to resolving health privacy issues, according to a report from the Department of Homeland Security’s Office of Inspector General (OIG).
The report is based on an audit to determine whether the Coast Guard complies with privacy regulations, including the Health Insurance Portability and Accountability Act.
The report cites five areas of concern:
- Coast Guard privacy and HIPAA officials do not formally communicate to improve privacy oversight and incident reporting, which limits USCG’s ability to assess and mitigate the risks of future privacy or HIPAA breaches. The OIG urges a formal mechanism be set up to ensure that communication takes place.
- USCG does not have consistent instructions for managing and securing health records. The report calls for consistent instructions for managing health record retention and disposal.
- The Cost Guard’s clinics have not completed contingency planning to safeguard privacy data from loss in case of disaster. The report shows photos of rooms full of paper records in tubs and others of water damage to a ceiling. OIG says the Coast Guard should make a plan of action and milestones to ensure it is safeguarding privacy data in the event of emergency or disaster.
- Clinics lack processes to periodically review physical security, placing privacy data at unnecessary risk. The OIG calls for an action plan and periodic review of physical safeguards to mitigate risks to protected health information at clinics.
- USCG has not assessed the merchant mariner credentialing program and processes to identify and reduce risk to merchant mariners’ privacy data managed throughout its geographically dispersed program operations. The report says there needs to be a plan to improve controls to better protect this data.
The Coast Guard agreed with all recommendations made by the OIG. It is the only branch of the Department of Homeland Security that has an EHR system for its work force, FierceEMR previously reported. It adopted an Epic system in 2012.
DHS has a system for immigrant detainees, but not its own employees. Thesystem fully implemented earlier this year at U.S. Immigration and Customs Enforcement is considered one of the largest and “most robust” EHR systems in the federal government, according to an ICE announcement. It’s sure to be eclipsed in size, though, by the $11 billion contract to be let later this year tomodernize the Department of Defense system.
Source: http://ift.tt/1FyKiS7
from health IT caucus http://ift.tt/1R5Undk
via IFTTT
No comments:
Post a Comment