We recently sat down with Richard Guttman, who heads AlayaCare’s data privacy and security division, to discuss best practices in risk and compliance for home care agencies today.
In this changing landscape, risk exposure is a growing threat, but one that can be proactively managed with the right data-driven strategy.
Why is security and risk compliance important to the delivery of home health care?
We’re seeing tremendous fluctuation in the industry when it comes to storing and using data. Today, there is a growing demand for health care data. Governments seek to seamlessly connect different systems of data together. All along the health-care continuum, from clinicians to payers to insurers, data is sought to inform both better care decisions and better spending decisions.
Adding complexity to this demand for data is mobile technology, which touches the activities of home care providers via both caregiver and client. This mobile environment alters an agency’s risk profile in important ways.
Perhaps the most urgent change is that personalized home care is unique across the spectrum, versus hospital- and facility-based care that have clear, defined environments. Home care has a deeply diverse range of care settings, technology infrastructures and, with them, different risks arriving across their entire networks.
For the industry today, privacy and data security is a necessary focus for each and every home care provider.
How can agencies work with their tech providers to reduce risk?
In such a dynamic environment, with a proliferation of data sources and demands for that data, agencies must work closely with their technology partner – particularly when electronic health records are involved.
A good place to start for any agency is to develop a mutual understanding of exactly what data will be exchanged with the software provider. Then: which party is responsible for which aspects of the security of that data. Underlying this is knowing what kind of infrastructure a tech partner provides and how the customer intends to implement and use it moving forward.
From there, the two can work in tandem toward ensuring adequate levels of security are in place so agencies can achieve sustainable reductions in risk and be fully compliant to government and insurance regulations.
What is your advice for agencies who want to showcase their security and privacy practices to clients and caregivers?
Many people are surprised to learn that there exist very few objective or standardized third-party certifications that indicate how an agency is faring with regard to security and privacy requirements.
Instead, it’s a good idea for agencies to identify which areas in their operations are data-rich – and begin to use that quantitative information to identify risks and areas where they can sharpen their privacy and security practices.
The most important thing to remember is that a combination of technology infrastructure and operational best practices will provide the capabilities you need. This may include, for example, encryption or secure data transfer combined with operational practices like caregiver training, security IT practices, and privacy procedures across the organization.
This is where we see the strongest benefits for home care providers today.
How can agencies adapt to a changing, often challenging industry environment while maintaining privacy and security measures?
For this, there are simple steps that agencies can take, built upon what home care providers have always been great at: protecting their clients and documenting their care. These are, in fact, the cornerstones of privacy and compliance.
The main step to take is to gain a better understanding of the data that enters and exits the agency, how it is collected, who is responsible for protecting it, and how it's used in the conduct of one’s agency.
There is actually very little about today's privacy and security environment that is black and white. In this gray zone, everything counts: every action that a home care provider can take to better improve their operational practices will make a difference. To this end, get everyone on board with the plan.
It’s important to make sure that everyone in the chain of data command knows where the infrastructure tools start and where they stop – and where it’s necessary to shore things up with operational privacy practices, training and employee management.
And now, I return to the importance of the technology partner. Companies like AlayaCare can take things one step further, by adding in an understanding of things like how the infrastructure is protected and how the data can be encrypted, so that home care providers have a clear window into the risks they face in their business.
This combination, this cooperation, is at the core of all good security and compliance best practices.
Do you have additional risk and compliance questions that we didn’t answer here? Contact us here and we'll explore them for you.