It seems like health care is on everyone’s mind. Not just because we are trying to protect our health, but because for many of us, it’s time to examine choices about our health insurance options for the coming year. And this serves as a reminder of the importance of safeguarding protected health information used in direct marketing programs.
Our Information Security team is well aware of the prevalence of protected health information (PHI) and the importance of ensuring its confidentiality. One of the big topics in our annual security awareness training this year was the Health Insurance Portability and Accountability Act (HIPAA). As I noted in my recent blog post, many in our organization were surprised at the breadth of information covered by these regulations and remarked to me how enlightening they found this training. Courses like this are just one example of the efforts of our security team to fulfill our responsibilities to our customers as they relate to protected healthcare information.
Many clients in highly regulated industries such as health care are seeing the benefits of including direct mail in their marketing strategies (for an example of how we can help with this, see our Healthcare Case Study). But as we all know, a key component of any great partnership is trust. As a third-party vendor to our customers, the security demands placed upon them also extend to us. This means we must continuously endeavor to prove that we take security just as seriously as they do.
That’s why our security team strives to stay on top of not only our customers’ requirements, but regulations both new and old. This, of course, includes HIPAA. Thankfully, we’ve found a lot of overlap between this regulation and the other standards we maintain such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001. And for all the ways HIPAA has separate requirements, we have a knowledgeable team committed to ensuring we know our stuff as it relates to our protected health information responsibilities. This includes conducting internal audits of our organization to evaluate and ensure our HIPAA compliance efforts are appropriate.
Those of us in the information technology field know that information security is a persistent effort, which is why we’re doing our due diligence in health information security. With all the flu warnings I’ve heard this season, that’s a very good thing.