The compliance work we're kicking off this Summer includes:
*An enhanced encryption program to ensure all personal laptops/tablets that access hospital systems are encrypted.
*An enhanced mobile/BYOD program that ensures all personal smartphones that access hospital systems are password protected, have timeouts, and are encrypted as technology permits.
*An enhanced learning management infrastructure so that every person in the BIDMC ecosystem can be held accountable for completing training requirements, including security and compliance topics. Creating this infrastructure requires a new level of identity management that captures roles and characteristics for employees, volunteers, board members, and contract workers.
*Enhanced Conflict of Interest reporting, including the management tools needed to follow up on any disclosed conflicts.
*A comprehensive audit of our security program and policies - where are we "standard practice" and where are we "best practice". What gaps do we need to close?
Earlier this week I submitted my capital requests for FY13 and over one third of my budget is for security and compliance related projects.
I've dubbed June 21-Sept 21, 2012 as the "Summer of Compliance". My hope is that we'll enter the Fall with reduced risks and a technology foundation that not only meets our regulatory needs but also further ensures we respect the privacy preferences of our patients.