Guest Column | June 21, 2019

The Changing Role Of HIM Professionals In Protecting HIPAA Compliance

By Kayla Matthews, Productivity Bytes

The current state of the healthcare industry has underscored the importance of HIM professionals. According to a recent report, the number of exposed healthcare records nearly tripled from 5,579,438 in 2017 to 15,085,302 in 2018. Data breaches rose as well, and experts predict this trend will continue.

As cybercriminals grow more sophisticated, individuals in health information management will prove critical to data security, especially HIPAA compliance. Since HIPAA rules require that organizations have a privacy or security officer, HIM professionals often take on the responsibilities of an organization's privacy officer.

Angela Rose, a director of HIM Practice Excellence at AHIMA, spoke more on the role of HIM professionals, saying, “They'll be responsible for implementing the whole program, like policy and procedures: writing them, the training of staff, just making sure that the laws and the requirements are met as a whole..."

These individuals also will, on occasion, operate as IT security officers. However, that role has typically remained in the IT department. Rose went on to say that despite this separation, it's vital that the privacy and security officers of an organization work together to preempt issues and ensure the protection of data.

With these rapid changes, HIM professionals are naturally interested to learn more about what their occupation will soon involve. This article seeks to examine questions of compliance and obligation, exploring the field of health information management and its transformation within the context of HIPAA regulations.

Previous Obligations Of HIM Professionals

The American Health Information Management Association, or AHIMA, offers a broad overview of the role of HIM professionals. They acquire, analyze and protect digital and traditional medical information vital to providing quality patient care. This can take many forms, and it requires specialized knowledge and skills.

HIM professionals may participate in medical transcription, deliver information to physicians, assemble medical records, maintain those records and file them as necessary. They also preserve the confidentiality of patients and ensure their privacy through various means. In recent years, security has taken center stage.

The rising threat of cyberattacks is clear motivation for these shifting responsibilities. As context, hacking incidents in healthcare were the most significant cause of breaches in 2018, accounting for 44.22 percent of all tracked data breaches. Organizations are naturally going to place greater importance on cybersecurity.

In today's environment, the function of HIM professionals is increasingly similar to the role of information managers associated with the tech industry. Historically, HIM professionals handled matters of privacy, but now, they have to show a much stronger grasp on digital solutions. Employers often search for these qualities.

Healthcare organizations will prioritize applicants with a specific background. These organizations have an interest in HIM professionals with experience in both cybersecurity and information technology. In hiring these individuals, they can find someone who understands today's systems as well as HIPAA compliance.

Matters Of HIPAA Compliance And Training

On the subject of HIPAA compliance, every organization will implement the regulations differently. As an example, HIPAA training sessions may range from a PowerPoint slideshow to an online course. Many organizations show a presentation and follow it with a quiz to ensure the engagement of those in attendance.

Regardless of the method, these efforts reinforce the relationship between the organization's privacy and security officers, or even the IT director. These professionals need to coordinate and collaborate to maintain the security of sensitive data. Otherwise, they place their patients and other individuals at risk.

HIM professionals may feel unfamiliar with specific terms, of course, but this is natural. It isn't an issue, as they can work past their initial confusion with their IT counterpart. They're free to ask questions when they're unclear on a subject, learning more about their obligations as they manage issues of compliance.

As they refine their practices, organizations need to confirm that each individual understands their duties. According to Rose, “This is important because Organization A is going to do it a different way than Organization B... Interpretation of the requirements and the laws are also going to be a little different."

Alongside these adjustments, Angela Rose suggests that organizations include HIPAA privacy and security violations in their employee evaluations. By doing so, they'll emphasize the significance of information security and patient confidentiality. It's a small but necessary measure to enforce today's regulations.

Looking Toward The Future

The coming decade will bring new challenges in cybersecurity. As the number of cyberattacks continues to increase, HIM professionals will prove indispensable to the organizations they assist. With cross-departmental collaboration, they'll preserve the sensitive information of patients and meet HIPAA compliance.

That said, HIM professionals shouldn't remain idle as their organizations prepare. They need to research systems for data security and learn more about relevant technologies. Through their continued effort — and the support of their IT counterparts — they'll ensure the present and future protection of those they serve.

About The Author

Kayla Matthews is a MedTech writer whose work has appeared on HIT Consultant, Medical Economics and HITECH Answers, among other industry publications. To read more from Kayla, please connect with her on LinkedIn, or visit her personal tech blog at