By Chris Caldwell, CEO, LockPath
It's no secret that, among industry verticals, healthcare has been buried in regulations. Even the energy sector looks like a lightweight in comparison. Worse, in healthcare, compliance can literally impact life-or-death situations, which makes the cost of certain failures that much higher.
Unfortunately, although many of these regulations are recognized as useful, whether for protecting patient privacy or nuclear materials in radiation labs, it is simply not reasonable or feasible to expect simultaneous implementation of all changes in all areas. As such, prioritization is the key. Sounds simple, right?
The first issue that is inevitably encountered is how to prioritize compliance efforts. Which regulation is most important? In the grand scheme of things, the "easy" choices are the ones that pertain directly to routine processes and procedures: the changes that can help stem loss of life, secondary infections, and so on. In IT, we have less clear direction. In fact, deciding on IT compliance priorities can be a tremendous black hole for discussions. Every system is a "high priority" from somebody's perspective. How do you normalize all those "highs" in an equitable and fair way?
There are a number of criteria that can be used in prioritizing compliance workload. A quick starting point may be to look at functional "business" processes. What are the most important processes to your organization? Forget about systems and data at first and just focus on how work gets done.
On the downside, this approach may still generate a lot of "high" priorities given the typical role and sensitivity of a healthcare business. Secondarily, it is probably worthwhile to sit down with Legal and heads of business to assess those regulations that pose the greatest threat for enforcement and fines. Starting with a long slate of "high priority" business processes, cross-referenced to those that are most likely to trigger high fines or legal action, should help provide a slightly saner picture.