Health Information Governance of 3rd Party Vendors


I love when my eyes are opened to an issue that I haven’t heard people talking about. That’s what happened when I heard Deborah Green from AHIMA say that health information governance includes your third party vendors. I’m not sure how many organizations realize this and treat it appropriately.

What’s ironic is that we definitely do this with HIPAA. This is particularly true in the HIPAA omnibus world. Healthcare organizations have a certain expectation around security and privacy when it comes to their third party vendors. It’s a major part of every RFP I’ve ever seen in healthcare.

Why then don’t we treat information governance with third parties the same as we do with HIPAA?

My guess is that some organizations do, but they haven’t really thought about it in this way. It’s an informal part of how they deal with third party vendors. For example, how are third party vendors storing your organization’s health data? Do they dispose of it properly? etc etc etc. These are all great health information governance questions that we’re asking ourselves, but are we asking our third party vendors these questions as well? Should we be asking them?

One challenge I think we face is that we assume that if we’re paying a vendor to do something, that the vendor is going to do it the right way. We assume that a paid service is going to be done in the best way possible. I’m sure your experience like mine is that just isn’t the case. Was it Reagan that said, Trust but verify? That seems appropriate in this instance.

What’s clear to me is that health data is going to become more and more valuable to healthcare organizations. Making sure you have a handle on that data is going to be an important part of ensuring your financial future. That includes making sure that your third party vendors use good health information governance principles as well.

About the author

John Lynn

John Lynn

John Lynn is the Founder of the HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

   

Categories