HIPAA’s “Last Mile” Challenge

The phrase “last mile” is commonly used across many industries to denote the final leg of a project or process - reaching the goal! More often than not, it’s referring to the most difficult part of the journey.  In logistics, it is delivering your iPhone made in China to your doorstep in rural Texas.  In the communications industry, it is installing the last few hundred yards of new optical fiber cabling for high speed internet to your home or office that is extremely costly and disruptive.  And literally, although I have never run a marathon, I’ve heard that the last mile is often the toughest.

So, what is the “last mile” of HIPAA?  Given that HIPAA is a never-ending journey can there even be a “last mile"?  After many assessments, at a wide range of healthcare facilities, I think there is a "last mile".  I’ve seen it many times - the practice has done its annual risk assessment, has a risk management plan, yearly training for its staff, and policies and procedures. The IT group has implemented security safeguards and is taking corrective action.  Yet, in my opinion, they haven’t completed the last mile.  Why?  Because they haven’t changed their attitudes.  They believe HIPAA is just another government mandated requirement.  More paperwork, processes, and cost.  And if the management team doesn’t believe it is worthwhile, the staff will just go through the motions.  Failure is almost assured.  Patient data will be lost or stolen.   People’s lives will be negatively impacted - some severely.

So how do you successfully complete the “last mile” of HIPAA?  Start at the top.  The management team must embrace the responsibility for protecting their patient’s most sensitive data -  private data on their children, wives, husbands, and parents.  Protect their data in the same way you work to protect yours.  When you “walk the talk,” your staff will get the message.  Encourage them, and they will step up to the challenge to successfully complete the “last mile of HIPAA” as well.

I was inspired to write this blog by one of my business partners, Dr. Julie Rennecker, who leads our customer experience discipline.  She has 10 years bedside clinical experience as a hospital RN, a PhD from MIT in Organizational Behavior, and 20 years research and consulting experience in high-tech and healthcare, and is a recognized industry expert in Change Management.  Contact Third Rock if you’d like more information on Change Management and HIPAA compliance.

Ed Jones, PMP, CHSP
About the Author

Over 30 years of customer facing experience managing projects in healthcare, IT, process automation in a variety of tech industries, Ed has worked for start-ups to Fortune 100 companies. He has performed numerous complex and extensive risk assessments, and developed and managed the corresponding risk management strategies.

%d bloggers like this: