Working with our clients we see similar difficulties in the small and larger organizations. The number one issue in almost every case is having educated, supported, resources available to manage and monitor the Privacy and Security activities and requirements of the organization. Training, monitoring, and regular analysis is what is required to stay on top of what is going on inside the organization and especially the flow of data in, around, and out of the organization.
So many of those trying to make it happen get the wide-eyed look of what some may say is fear, others confusion, and still others just call it zoned out. The things that they can’t get done to watch after Privacy and Security activity in their organization is a growing list of concerns.
The tide is changing where there appears to be more of a desire to address the needs. Now, they just have shortages of everything to actually do the work. The organizations we talk with daily (whether they engage us or not) all mention they have very little, if any, of the following:
- Training on how to do the work. There is plenty of training out there on what the law says and what you are supposed to accomplish but very little help on exactly how to get it done. Many folks are left to figuring out as they go.
- Time allocated to actually doing the work required. Even if they know what to do, the work of Privacy and Security is rarely their 1st, 2nd, or even 3rd priority. Sometimes it isn’t even in the top 10.
- Tools available to automate some, and manage all, of the work. There are many tools that can help with various compliance management requirements. Especially in the Security compliance arena. Many organizations have no budget allocated to purchase the tools. Or, if they have the tools they have no time allocated to properly implement and utilize the tools.
It is easy to see that things can feel overwhelming if you are trying to figure out what you are supposed to be doing with limited time and limited tools. As we head into the end of summer and beginning of budgeting and planning season start to build a plan. In the age of a breach-a-day news stories it isn’t something to put off another year. At least, make it part of the discussions now so things are on the table when the time comes soon. Budget for training, tools, and look at resources that can be used to do part of the work.
Make it part of the discussion for all planning sessions and then you can get in the zone instead of zoned out!
Filed under: HIPAA Tagged: Budget, Documentation, Training