Original: Cyber security, Coding and CDI. Best practices to ensure best practices for cyber security are employed.
To say that the present state of healthcare cyber security poses a challenge for organizations undertaking clinical documentation improvement (CDI) efforts is a drastic understatement. Under the ever-present specter of costly cyber attacks, providers across the country continue to grapple with myriad, big-picture challenges such as information governance (IG), highly ambiguous government oversight and unstable compliance landscapes as well as shifting care settings.
Providers are required to adhere to strict security laws like HIPAA and HITECH while simultaneously acceding the regulatory demands of fluid information sharing contained in the 21st Century Cures Act—all while adapting to the logistical reality of increasingly frequent outpatient care delivery. Further intensifying those challenges, the shift to outpatient care means that greater volumes of protected health information (PHI) is being routed through ambulatory and other non-hospital settings, making them increasingly attractive targets for hackers. Additionally, a recent survey of medical coders also found that roughly one-third reported working remotely at some point, highlighting the potential vulnerability many providers face.
As they approach this challenging future, however, smart organizations can balance conflicting security and compliance concerns as well as inpatient and outpatient CDI initiatives by sharpening their focus in a few key areas.
Staffing and Training. In CDI, overwhelmed and under-trained teams are more apt to make costly mistakes. The same is true for cyber security. A misaligned and overworked team is a liability and leading cause of security breaches, but one with the tools, training and cohesion to efficiently manage their workflow is a powerful safeguard. The quickest way for any organization to promote quality and compliance—as well as security—while executing CDI efforts is to ensure its staff is trained well. Fostering alignment between providers, coding and other administrative staff must include education on common security risks, drills to identify weak points and emphasis on a culture where anomalies, breaches and prevention are openly discussed and addressed.
Emphasis on Accuracy and Clarity. Just as optimized CDI and streamlined organizational compliance—from the point of care to the submission of a claim—can reduce error-driven medical necessity denials, that same focus on accuracy and clarity can reduce security errors as well. As provider organizations seek to improve overall IG while also contending with growing troves of clinical data, enhanced CDI workflow is a necessary component strategy, intricately linked with all others.
Encryption of All Devices. Loss of mobile devices is a major cause of healthcare data breach, particularly in outpatient settings. As mobile devices become increasingly common tools in clinical documentation, ensuring that these devices and all computers are encrypted is an important, albeit not-HIPAA-required, step for organizations to take.
Vetting Vendors. An organization must safeguard its own internal protocols, but it must also ensure that its vendors—particularly those offering Software as a Service (Saas)—are taking all reasonable steps to protect data, confidentiality and security as well. It’s a must to understand a vendor’s risk assessments and require indemnification provisions and cyber security insurance in business associate agreements.
Designing your organization’s CDI efforts is a significant undertaking. To learn about PracticePerfect, a platform to help you address outpatient CDI, or Doc-U-Aide, a revolutionary platform for inpatient CDI, contact Saince.