If you are partnering with other healthcare organizations to pool your expertise, offer joint solutions, and run joint medical marketing and patient communications programs, be careful about how you execute these programs and about what you agree to with your partners on sharing patient databases.
Policy
It is advisable to formulate a simple and clear privacy policy and adhere to it in the partnership agreements. Comply with the policy at all patient touch points. Communicate it clearly and prominently to your partners and patients in all your channels of communication. Inventory your data collection processes and gateways. Select appropriate projects to add security to your data across extended networks and partners.
Note that there is no silver bullet for protecting privacy. Privacy compliance is as much a business issue as it is a technical issue, sometimes more so.
Implications for Patient Strategies
While you are formulating and implementing privacy policies, you need to address the following questions:
- Do your patients respond to your practice’s privacy strategy? It is not enough to have a privacy policy that is so confidential no one is aware of it. It is imperative for practices, once they implement their privacy strategies, to understand how patients are responding and to use that feedback to fine-tune policies accordingly.
- How do you consider the impact on the patient from every privacy decision you make? Every privacy decision will affect the patient and your practice, but to what extent? How do you determine this impact? Some decisions will be patient-facing and some will be in the back end. This step is essential so that you can make appropriate decisions and make optimum use of resources.
- Will your medical practice operations support the privacy initiative? Privacy enablement requires resources and training, with perhaps no immediate, apparent short-term value-add to the top line or bottom line. Medical practices that take a proactive view of privacy enablement as a cost of doing business in the 21st century will benefit. Practices still need to adopt critical processes and technology that fit their resources, and to privacy-enable incrementally.
There is no technology silver bullet. Privacy-enabling a practice combines loyalty towards patients, a commitment to long-lasting and profitable patient management built on trust, and cross-functional teams that can pick and deploy suitable data security across the network.
Steps
Here are some salient steps for secure data management that affect the technology choices of any medical practice:
- Privacy-compliant database development – healthcare organizations have to “listen” and record what patients are saying, and if and how they prefer to be contacted, or not at all. All these details have to be stored in a secure database, which is regularly refreshed with the outcome of practice communications with patients. This will be the central repository that the office draws upon to design and execute consistent and privacy-enabled patient communications.
- Protect the data across the practice, from group to group, area to area, or from network to network. It is not enough for a medical practice to protect data from external intruders; it must also protect it from internal data abusers. It is not enough that patient data is secure during transmission at the patient touch point. It also needs to be safe where it is stored. It is not unusual to have patient data stored or lying around where it is accessible by internal intruders. Therefore it is imperative for medical practices to go beyond traditional firewalls and have multi-layered security at the data level.