Having effective and robust security and privacy programs is key to avoiding reputational, regulatory, and financial risk.
Build a strategic and comprehensive privacy program that defines, develops, maintains, and implements policies and processes that enable consistent, effective privacy practices, which minimize risk and ensure the confidentiality of protected health information (PHI), paper and/or electronic, across all media types. Ensure that privacy forms, policies, standards, and procedures are up to date.
Privacy program guidelines:
- Establish the titles and responsibilities that specify the oversight role of the board of directors.
- Select a board committee to oversee the privacy programs.
- Train new and established board members and senior leaders.
- Establish a reporting structure for security and privacy programs that enables the officers to be effective and emphasizes visibility and relationships.
- Be clear about expectations and define essential duties of security and privacy officers.
- Carefully consider the background, training, certification, skill sets, and knowledge requirements for the job.
- Ensure that security and privacy officers obtain ongoing education and training opportunities.
- Leverage resources and consider decentralizing some functions of security and privacy where it makes sense to do so.