The Implications of ERM Approach to the Utilization of Health Information Exchanges and Patient Portals
| Pros | Cons |
|---|---|
| Comprehensive mitigation | Challenges of scope |
| Prevents information silos | Overreliance |
| Collaborative | Contractual limits |
| Facilitates better metrics | Benefits larger structures |
| Benchmarking | Reporting barriers |
| Nimble and agile to respond quickly | Hasty responses |
| Equips senior leadership | Analysis paralysis |
Ramifications & Recommendations
Many health information technology risk exposures today can be prevented with fundamental, straightforward technical interventions. Patient data communication tools, particularly patient portals, can utilize security measures similar to those of other customer-facing applications. Nevertheless, because of the unique privacy concerns regarding health data, best practices to ensure HIPAA compliance and ONC (Office of National Coordinator of Health IT) certification should be employed.
John Deutsch, contributor at FQHC.org, offers seven practical data security solutions to mitigate cyberthreats and technology risk:
1. Opt-in Consent
2. Role-Based Access Control
3. Zero-Trust Framework
4. Ecosystem Oversight
5. Multi-Factor Authentication and Password Protection
6. Encrypted Backups
7. Staff Training
Applying ERM Approaches With Health Information Exchanges (HIEs) and Patient Portals
| Strategic | Clinical | Financial | Human Capital | Legal | IT | Business | Hazard |
|---|---|---|---|---|---|---|---|
| Internal business growth | Clinical leader direction | High reliability tools | Training focus | Timely contracts | Listed solutions | Balanced processes | Strategic hazard planning |