So, what is the “last mile” of HIPAA? Given that HIPAA is a never-ending journey, can there even be a “last mile”? After many assessments, at a wide range of healthcare facilities, I think there is a “last mile”. I’ve seen it many times – the practice has done its annual risk assessment, has a risk management plan, yearly training for its staff, and policies and procedures. The IT group has implemented security safeguards and is taking corrective action. Yet, in my opinion, they haven’t completed the last mile. Why? Because they haven’t changed their attitudes. They believe HIPAA is just another government-mandated requirement. More paperwork, processes, and cost. And if the management team doesn’t believe it is worthwhile, the staff will just go through the motions. Failure is almost assured. Patient data will be lost or stolen. People’s lives will be negatively impacted – some severely.
So how do you successfully complete the “last mile” of HIPAA? Start at the top. The management team must embrace the responsibility for protecting their patients’ most sensitive data – private data on their children, wives, husbands, and parents. Protect their data in the same way you work to protect yours. When you “walk the talk,” your staff will get the message. Encourage them, and they will step up to the challenge to successfully complete the “last mile of HIPAA” as well.
I was inspired to write this blog by one of my business partners, Dr. Julie Rennecker, who leads our customer experience discipline. She has 10 years of bedside clinical experience as a hospital RN, a PhD from MIT in Organizational Behavior, and 20 years of research and consulting experience in high-tech and healthcare, and is a recognized industry expert in Change Management. Contact Third Rock if you’d like more information on Change Management and HIPAA compliance.