With the rapid adoption of collaboration tools across industries, including heavily regulated markets such as healthcare, legal, and financial services, large organizations are facing increasing challenges in both the compliance and security of their communication content.
Compliance challenges in the healthcare industry
As scrutiny around the sale of complex healthcare products is heightened, organizations are increasingly facing new regulations aimed at protecting the consumer. The most recent one being the Centers for Medicare & Medicaid Services (“CMS”)’s new electronic communications recording, disclosure, and oversight rules, effective 1 October 2022.
These rules require third party marketing organizations (“TPMOs”) to record or capture any electronic communications of sales conversations about MA plans or Part D, which includes telephone calls on cloud phone systems and unified communications platforms such as Dialpad.
Additionally, CMS mandates the provision of specific disclaimer language during the first minute of a telephone call or within the relevant electronic communication. Our Director of Regulatory Intelligence, Stacey English has written extensively about the new CMS rules and regulations specific to electronic communications.
Security challenges for the healthcare industry with AI
If staying compliant weren’t a big enough challenge, CISOs and CIOs also have to deal with the exponential increase of the number of risk vectors within an organization. Chat, audio and video conferencing represent the most significant risk vectors in this new “work from anywhere” environment.
Managing the risks related to data leakage (both intentional and inadvertent), employee misconduct, data privacy, and regulatory risks pose challenges to organizations of every industry, and healthcare is no exception. Organizations have been rapidly adopting telemedicine and digital-based healthcare to serve remote patients or have the staff collaborate digitally. However, these platforms also open up avenues for inappropriate use of protected health information (PHI), inadvertent sharing of such information, and concerns over cybersecurity risks, like ransomware.
Written by Sacha Nacar,
Director of Alliances at Theta Lake