New healthcare business needs IT solutions and asking if you have a PIA
(what will you do about it?)
Healthcare practices throughout Canada and the US need IT services and have money to buy new hardware, software and service contracts. They also need a Privacy Impact Assessment (PIA) and want to work with a vendor who is PIA prepared.
Vendors are required to comply with the healthcare providers ‘PIA's and their privacy, confidentiality, and security best practices.
“A PIA should be as commonplace to a healthcare practice as a business plan is to a business.”
-Jean L. Eaton, Your Practical Privacy Coach
BUT most healthcare practices don't know this and often don't know that a PIA is usually part of their professional college requirements and often even a legislated requirement! Developing a PIA and the supporting policies and procedures will help a healthcare practice to prevent gross errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor. A vendor that supports healthcare practices must:
- Understand the PIA process and the healthcare customer needs
- Understand the requirements of legislation (for example, Health Information Act Regulations, Electronic Health Records Regulations, HIPAA, etc.) that the clinic must follow, it includes technical safeguards to protect privacy and confidentiality and security of patients' health information.
- Makes sure that vendor's business practices meet privacy and safety legislation. This is an excellent opportunity for the seller to lead by example and demonstrate how to implement and follow best practices. This includes:
- Having a named Privacy Officer
- Implementing an internal privacy and security incident management program
- Implementing a privacy awareness program for all of your employees
- Providing an Information Management Agreement (IMA) or Business Agreement (BA) to the healthcare provider that meets regulations.
Not every healthcare practice knows all of the technical, physical, and administrative safeguards that should be in place to prevent the risks of unauthorized access, use, or disclosure of sensitive health information. A vendor that understands the requirements can make better recommendations for the healthcare practice. In fact, the experienced vendor can:
- Create a premium value-added service to guide all new clinics with step by step instructions about the regulations and requirements of the service and
- Profile how the vendor can best support the healthcare practice
- Create more sales and help more customers by providing the services they need (even if they don't know it, yet!).
- Coach the healthcare practice early in the sales process about how the vendor's services can support the healthcare practice. This results in less work and headache for both the practice and the provider.
Do you want to become the preferred vendor in this large customer niche?
You need to learn what the healthcare business needs to successfully complete their Privacy Impact Assessment. Then you can develop branded PIA Readiness Plan for your business that you can give to the healthcare provider to support them to create their PIA.
Have you seen this?
IT vendor Privacy Impact Assessment Readiness Plan
Brought to you by Jean L. Eaton, Your Practical Privacy Coach
Join Privacy Nuggets and get some more tips, tools, and templates that you can use right away to improve your privacy management program.