A new survey from PricewaterhouseCoopers allows insurers to see how their privacy programs stack up against competitors in terms of design and operations.
PwC surveyed 370 privacy professionals nationwide with top-down program responsibilities ranging from board members to staff implementing the HIPAA Privacy Rule, to help healthcare organizations balance data protection with data innovation.
PwC's findings suggest best practices to achieve the twin goals of regulatory compliance and creative data use, including:
Leadership: Most privacy leaders hold the titles of general counsel or chief privacy officer and have direct line reporting relationships to the chief executive or chief compliance officer.
Board communications: Fifty-four percent of directors surveyed rely on in-house communications to stay abreast of privacy program developments. However, 47 percent reported awareness of privacy issues but not their impact, while 13 percent didn't feel aware of privacy issues whatsoever.
Issue elevation: Roughly 39 percent of respondents reported privacy issues to the board annually, with 23 percent raising issues quarterly. Practitioners consider recent privacy incidents the most important board reporting issue, followed by how these incidents affect reputation and brand.
Operations: Fifty-seven percent of practitioners prefer to use funding to tweak privacy processes and boost efficiency of existing programs rather than expanding them.
Business partner oversight: Most respondents validate business partners' privacy controls during contract negotiations.
Using customer comments: Although some customers remain unaware of how to assert their privacy rights, respondents said customers are beginning to offer privacy program feedback by phone, website and email. This development follows customer privacy rights advocates endeavoring to help people understand and take advantage of HIPAA protections, FierceHealthIT previously reported.