Healthcare privacy experts are in demand, and a tech pro with strong analytical and interpersonal skills has the potential to cross industries and enter the healthcare field. No transition is without its challenges, however. For starters, most positions related to healthcare privacy require you become HIPAA-certified in data privacy and security. But considering the growing need in a booming industry, the time and effort necessary to lock down such a certification could be worth it.
Operations and Processes
The role of privacy in healthcare has changed significantly since the HIPAA Privacy Rule went into effect. And since the passage of the HITECH Act in 2009, it’s become critical for privacy experts to not only understand applicable regulation and laws, but also how rapidly evolving technology can create new vulnerabilities in healthcare-data storage. (If you’re not detail-obsessed, passionate about security and privacy or don’t have a general interest in the overall space, a privacy-in-healthcare position may not be best for you.)
Danika Brinda, founder of healthcare-privacy consultant TriPoint Healthcare Solutions, stressed that it’s critical for an expert to know how to apply detailed and complex federal and state regulations and requirements to the specific privacy needs of a particular organization.
The biggest blocker for someone without much experience in healthcare IT, she added, “is not having the operational know-how to pull off the connection between regulations and processes.” An expert in healthcare privacy needs to understand the operations aspect of the job, “which means understanding how that organization works, how it functions and how it does what it needs to do to support the business.”
Software Agnostic and Data Friendly
Don’t worry about learning specific software applications. According to Christine Sublett of Sublett Consulting, which advises on privacy and compliance issues, knowing the ins and outs of a particular platform is secondary to understanding how the underlying technology works: “You need to understand technical concepts that may already be familiar such as encryption, data loss prevention products and log aggregation, as well as, SIEM products, IAM products / practices (identity/access management), etc.”
With countless end-users in any given system, “Big Data” also plays a role. Privacy experts must analyze how to best protect massive datasets, especially if said datasets are constantly evolving, with rapidly increasing numbers of inputs and outputs.
With any healthcare organization, the first question is always which privacy and security controls need to be implemented in order to safeguard information, but there are other queries that can illuminate potential risks:
- How can you determine that the data that’s maintained is being kept private?
- How do you ensure that the data you are receiving hasn’t been altered in transit?
- How do you ensure that the EHR and other healthcare data systems are available when you need them to provide patient care?
While more tangible organizational and technical aptitudes are essential, having excellent interpersonal skills is a requirement. Both Brinda and Sublett noted that privacy pros interact with many different parts of any organization, including legal, sales, HR, executive management, compliance, internal audit, security, IT and engineering. Some form of rapid, detailed communication will happen every day, so you have to be able to converse and write fluently in order to keep everyone on the same page with regard to privacy and security compliance.
Some employers want their experts to have in-depth knowledge of very specific healthcare specialties. Steve Epstein, director and co-founder at mHealth Global Applications, suggested that desirable capabilities have HIPAA compliance audit experience, as well as knowledge of clinical trial data security, medical testing device protocol, billing systems and image storage and retrieval systems. Basic familiarity with popular generic drugs for common chronic conditions is another plus.