Healthcare Security and Privacy Pros Wish for A Compliance Fairy To Aid with Regulatory Woes in 2014

Budget, Staff, Training, Audit Help, and Software Top Wish List; Compliance Officers Offer 2014 Predictions


PORTLAND, Ore. — January 8, 2014 — 2013 proved to be a dizzying year for healthcare compliance, privacy, and information security: the Affordable Care Act, enforcement of the HIPAA Omnibus Final Rule, and ongoing investigations by the Office for Civil Rights (OCR), not to mention the need for ongoing risk and incident management, C-Suite communication, managing business associates, and breach notification. ID Experts asked healthcare compliance, privacy, and information security officers to share their predictions and provide their wish lists for a smoother and more compliant 2014.

Top Five Things: Budget, Staff, Training, Audit Help, and Software

In order to better manage their current programs, security, compliance and privacy officers at healthcare organizations are requesting five things: more training, more staff, increased budget, help with audits, and compliance software to help with the avalanche of data breach laws. This parallels the findings from the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security, stating that the majority of healthcare organizations have insufficient resources, budget, or controls in place to minimize data breach incidents.

If I had more budget, I'd wish for...

  • The compliance fairy sprinkling compliance dust and all employees follow the rules. If they don’t, they would disappear.
  • More staff, proactive access audit software
  • More training; more resources to fund audit trips.
  • A new position to be funded: someone to develop privacy training, be the first contact for questions, and assist in the review and investigation of complaints.
  • A best practices, state-of-the-art, compliance tracking system.
  • I wish every audit could be done by an external company.
  • Internal auditors and a person dedicated to subcontractor oversight activities.
  • More staff to help with all the rules and regulations, and write policies.
  • The best software available to audit for inappropriate record access.

If I had more control, I'd wish for...

  • Time to be more proactive and more time to focus on education, monitoring, and overall bolstering of the privacy program.
  • Have no healthcare, privacy or security laws and regulations change for the next five years.
  • Monitoring software to be installed to audit all employees for inappropriate record viewing and monitoring usage of the non-work related Internet websites.
  • Less government rules, more care for the patients.
  • Designated full-time compliance liaison staff at all sites throughout the state.
  • Increased reporting, and government (state and federal) enforcement of privacy and security rules.

Predictions for 2014

What lies ahead may require more than a compliance fairy to handle the expected: increased reporting and intensified auditing, more state and federal enforcement of privacy, security and breach rules, and the resignation of executives because of the new accountability requirements.

  • Increased reporting, and government (state and federal) enforcement of privacy and security rules.
  • More work, higher expectations and no new staff.
  • The auditing will intensify.
  • Change has just started, 2015 will look totally different.
  • It's going to be a busy year!
  • More regulations, not new ones. The old ones will be revised to the point of ridiculous and will be impossible to follow. [We’ll see] many CEOs and board members resigning because of the new accountability. Compliance officers will be on their own.

Maybe There is a Compliance Fairy

Healthcare organizations turn to “compliance fairy” ID Experts and RADAR™ 3.0 for incident management and compliance.

“My wish for my compliance peers is that they have a process and get a tool for managing incidents. RADAR takes the guess work out of risk assessments and helps us systematically review the incidents and stay compliant with the changing laws,” said Dr. Cris V. Ewell, chief information security officer at Seattle Children’s Hospital. “Our patients’ health and well-being are of utmost importance to us. So is the security and privacy of their information.”

About ID Experts

ID Experts creates software and delivers services that address the organizational risks associated with regulated personal data. The RADAR™ data incident management software platform and professional privacy/security and data breach response services provide organizations with complete data breach care. Newly announced MIDAS™ (Medical Identity Alert System) addresses the growing national issue of healthcare fraud. ID Experts serves leading healthcare providers, insurance organizations, universities, and government agencies and is exclusively endorsed by the American Hospital Association. Founded in 2003, ID Experts is an advocate for privacy; an active contributor to legislation; a member of IAPP, HIMSS, and HCCA; a founding member of Medical Identity Fraud Alliance (MIFA); chair of PHI Protection Network (PPN); and chair of the ANSI Identity Management Standards Panel PHI Project. For more information on ID Experts, join the LinkedIn All Things HITECH discussion at; All Things Data Breach at; follow ID Experts on Twitter @IDExperts; and visit

# # #

Media Contact:

Kelly Stremel or Lisa MacKenzie

MacKenzie Marketing Group