The Joint Commission (TJC) is an independent, not-for-profit organization. It accredits and certifies more than 17,000 health care organizations and programs in the United States.
TJC has recently updated and expanded its information management (IM) accreditation requirements for health care organizations. New readiness requirements for information management and IT risk management are requiring hospitals to rethink how they safeguard and secure sensitive information, audit, and improve continuity of operations and disaster recovery planning.
To earn and maintain accreditation, organizations must undergo an extensive on-site evaluation by a team of Joint Commission health care professionals at least once every three years. The objective of the evaluation is to assess the organization’s performance in areas that affect care. Accreditation may then be awarded based on how well the organization met Joint Commission requirements.
A hospital’s IT infrastructure is at the foundation of delivering quality care. TJC acknowledges this in the improved information management readiness requirements. Among many other subjects, TJC specifically addresses three key areas of IT risk management in the new IM requirements. These include:
Patient record security
System security against intrusion and data tampering
Continuity of operations and disaster recovery capabilities
3 Key Readiness Standards.
Plan for Continuity of IM Processes (IM.01.01.03)
The organization must have a written plan for managing interruptions to its information processes (paper-based, electronic, or a mix of paper-based and electronic). The hospital’s plan for managing interruptions to information processes must address the following:
Have a backup of electronic information systems
Plan for interruptions of electronic information systems
Provide training for staff and licensed independent practitioners on alternative procedures to follow when electronic information systems are unavailable
Ensure the plan to address interruptions to information processes is tested for effectiveness according to time frames defined by the hospital
Implement its plan for managing interruptions to information processes to maintain access to information needed for patient care
Protect Privacy of Health Information (IM.02.01.01)
Use health information only for purposes as required by law and regulation or further limited by its policy on privacy
Disclose health information only as authorized by the patient or as otherwise consistent with law and regulation
Monitor compliance with its policy on the privacy of health information
Maintain Security & Integrity of Health Information (IM.02.01.03)
Protect against unauthorized access, use, and disclosure of health information
Protect health information against loss, damage, unauthorized alteration, unintentional change, and accidental destruction
Control the intentional destruction of health information
Monitor compliance with its policies regarding the security and integrity of health information
TJC’s move to strengthen its information management readiness requirements is consistent with the growing number of identity theft incidents and regulatory pressures from many government and private sources. A typical hospital, for example, is subject to HIPAA regulations, PCI compliance (credit card), and often Sarbanes-Oxley.
The Common Denominator
Common among these regulations and other information security best practice requirements is the need to protect all patient, credit card and other private data from intrusion, tampering, and theft at all times.