The Joint Commission has updated and expanded its information management accreditation readiness standards for hospitals and related organizations. Ne...
The Joint Commission has updated and expanded its information management accreditation readiness standards for hospitals and related organizations. New readiness standards for information management and technology risk management are requiring hospitals to rethink how they will protect and secure sensitive information, audit, and improve continuity of operations and disaster recovery planning.
The Joint Commission evaluates the quality and safety of care for more than 15,000 healthcare organizations. To maintain and earn accreditation, organizations must have an extensive on-site review by a team of Joint Commission healthcare professionals, at least once every three years. The purpose of the review is to evaluate the organization’s performance in areas that affect care. Accreditation may then be awarded based on how well the organizations met Joint Commission standards.
Hospitals who have not met the challenge of enabling compliance with these newly enhanced standards risk the loss of reimbursements from Medicare and increased liability of insurance costs.
A healthcare organization’s IT infrastructure is at the foundation of delivering quality care. TJC recognizes this in the enhanced information management (IM) readiness standards. Among numerous other topics, TJC specifically addresses three key areas of IT risk management in the new IM standards. These include:
Now let’s take a closer look at these three TJC IM Readiness Standards.
Plan for Continuity of IM Processes (IM.01.01.03)
The hospital must have a written plan for managing interruptions to its information processes (paper-based, electronic, or a mix of paper-based and electronic). The hospital’s plan for managing interruptions to information processes must address the following:
Protect Privacy of Health Information (IM.02.01.01)
Maintain Security & Integrity of Health Information (IM.02.01.03)
TJC’s move to enhance its information management readiness standards is consistent with the growing number of ID theft incidents and regulatory pressures from many government and private sources. A typical hospital, for example, is subject to HIPAA regulations, PCI compliance (credit card), and often Sarbanes Oxley.
Common among these regulations and other information security best practice standards is the need to protect all patient, credit card and other confidential data from intrusion, tampering, and theft – at all times.
Key Issues in HIPAA Security Compliance Management
A 360 Degree Approach to HIPAA Compliance An effective approach to meeting HIPAA security compliance requirements begins with a security management so...New Threats to Utility SCADA Systems
Mission Critical Systems for the Energy Industry Supervisory Control and Data Acquisition (SCADA) systems that collect and manage data across a large ...7 Keys to Meeting Cyber-Security Reliability Standards and CIP Reliability Standards
Bulk Electric System entities that establish accountability and consistent data collection, retention, monitoring and reporting practices, can success...