With all the main stream media and press coverage of security and privacy breaches, what should health care organizations be doing to prevent potential regulatory enforcement?

We’re seeing clients across North America dust off their HIPAA policies/procedures and related state regulations with renewed interest.  Identity theft, hacking, and paper records are presenting real cultural problems for facilities.  It’s been 5+ years, and folks are lax in their discipline to protect routine information.  Just sit and listen in waiting rooms or registration areas if you want a sample.  Anecdotes become data.  The better positioned clients have taken a fresh pair of eyes approach to annual audits and developed an Information Governance Committee to look at all aspects of privacy and security.  Information Governance may be a new term in the states, but it is widely known in the United Kingdom where the roots of privacy protection began more than a decade ago.  Information Governance umbrellas HIPAA, Red Flag Rules, state statutes, and the like and really focuses facilities on the number of potential breach points that e-health records, paper bills, associate agreements, etc. present to today’s evolving care delivery systems.