The importance of operational security in home health and hospice
How an organization handles sensitive data and the protections they put in place should be a significant consideration when choosing a partner. What are their security measures and how are they implemented to protect systems and data? Do they have the necessary certifications in place? These are important questions to ask when looking to outsource billing, coding and clinical documentation review services.
The operational side of security is often forgotten, especially for remote and offshore work. If you send cases to be coded in India, what kind of precautions has your partner put in place to ensure that patient information is secure?
From private health data to internal company information, operational security encompasses protecting any data that an adversary could use against you. This is becoming more and more important to consider, especially with a growing number of remote workers.
MatrixCare not only understands the importance of this approach to security, but also prioritizes it in our systems. We make efforts to utilize VPN when people are connecting to the internet and we perform yearly onsite audits to help make sure partners are complying with our security standards.
In this blog, learn about our security strategies – put in place to help efforts to protect our customers from these very real threats.
Aligning with partners on operational security
Information security is at the core of everything we do. We continuously evolve and innovate to proactively solve the complex challenges it brings and to help strengthen our defenses against these threats. While a business associate agreement (BAA) is legally required by HIPAA when sharing patient data, it does nothing to prepare you operationally — which is why we set our own security standards.
Before connecting with a new partner, we do our best to assess their current security. If we are not satisfied with their level of security, we either walk away from that potential opportunity or have them correct it before moving forward.
Once we forge new partnerships, the teams are encouraged to align and complete all employee security training. These security trainings include regular phishing simulations to help staff prepare and be ready to face the most sophisticated attacks.
A robust security framework
Our partners are assured that the information they send us is kept only for valid reasons and then destroyed. If our team feels like there’s been a security or privacy incident, we log it with our security team. The team fully investigates the issue, and then follows established protocols, including notifications to affected parties.
When looking for a new outsourcing partner, ask if they have security and privacy protocols and whether they can articulate them. Mistakes can happen, so be sure your potential outsourcing partner has a defined process in place for those moments.
Our security operations team works in conjunction with our information technology team for cohesive infrastructure, application development, project management and systems support, including a 24/7 security operations center (SOC), monitoring, ticket management and cloud security.
One of the most important components of our security program is the skilled internal and extended IT professionals who work to help ensure that our digital information is protected. These professionals work in areas such as:
- Security engineering
- Security architecture
- Cloud security architecture
- Security governance (which includes policy, standards and process)
- Security operations and monitoring
- Security risk management
- Security incident response planning
- Vulnerability management
- Regulatory compliance
- Project management (security-specific tool and process implementation)
When it comes to operational security, hope is never a strategy. Searching for a new partner means asking the right questions and preparing to implement effective security programs built to help protect your organization.
Want to learn more about our approach to operational security?
Jeremy Crow
Jeremy has been employed as the Director of Revenue Cycle Services since January 2020. He possesses extensive expertise in the Healthcare Information Technology field, specifically in Home Health and Hospice, spanning over 25 years. Throughout his career, Jeremy has collaborated with Fortune 20 and private equity companies, specializing in project management, training, consulting, custom technical services, and overall professional services operations. He has successfully overseen multinational teams, introduced new services, and facilitated the integration of acquisitions. Jeremy holds an MBA from Washington University in St. Louis and has been PMP certified since 2004.
See MatrixCare in action
Start by having a call with one of our experts to see our platform in action.
MatrixCare offers industry-leading software solutions. Thousands of facility-based and home-based care organizations trust us to help them improve efficiency and provide exceptional care.
© 2024 MatrixCare is a registered trademark of MatrixCare. All rights reserved.