Jay P. Anstine (firstname.lastname@example.org) is the Area Compliance Program Director for Banner Health’s Western Region Rural Hospitals based in Greeley, CO.
Previously in this column (see June and August 2018 issues), I mentioned that one way to overcome the challenge of gaining buy-in to your privacy and security program is through communicating business impact as part of your compliance message. To briefly recap, I define communicating business impact as embedding organizational consequences resulting from noncompliance. One way to communicate business impact is by leveraging the real world to illustrate those consequences. In the context of privacy and security, a Department of Health and Human Services Office for Civil Rights (OCR) settlement can provide valuable examples to which you can tie in consequences relevant to your organization.