Security and Privacy
Earn the confidence of partners, members and regulators by taking deliberate steps now.
Accountable care models, electronic medical records, and mobile-based patient relationship management are only some of the forces that are causing more data movement in the health care system. Yet at the same time, privacy requirements are tightening and penalties for security lapses are severe. If you’re responsible for the security and privacy of your organization’s data, you’re squarely in the middle of that squeeze.
The importance of a health plan’s security and privacy cannot be overstated, given the data entrusted to plans as well as the risk to a plan’s reputation. Yet in the rush to get new systems online, some operators circle back to address security later rather than building it in from the start, which can be more costly and less effective. Where existing or legacy systems are involved, the need to assess and address security is even more pressing.
Deloitte has helped many of the nation’s largest plans assess their security and privacy profiles, compare their measures to applicable rules (which vary from state to state), conduct gap analyses, and implement roadmaps to close potential holes. As part of the same process, we help build user awareness to help make sure human behavior works hand in hand with technology solutions to keep sensitive information where it belongs.
The post-reform era involves more collaboration and more connections with new partners. The more third parties you work with, the more places there are that need security and privacy controls. Even with Business Associate Agreements in place, you can be liable for breaches from your business affiliates’ systems. Our teams can help you put controls in place to make errors less likely and to follow the stringent Centers for Medicare & Medicaid Services’ reporting and response requirements when they do occur.
We can help you make mobile access more secure without unduly limiting its usefulness, create a dashboard view of constantly shifting active cybersecurity threats, and help you build an enterprise-wide view of who has access to what—a single point of reference that spans clinical, HR, identification management, finance, and other functions for your employees and your members. Additional tangible benefits may include risk mitigation as well as an increase in ROI from centralizing security and privacy efforts. A solid security and privacy program can help build trust with consumers and help protect your organization’s reputation.
- HIPAA/HITECH health check
- Third-party risk management
- ERP security & controls
- Cyber security
- Identity management
Mark Ford, Principal, Deloitte & Touche LLP
As used in this document, "Deloitte" means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.