Susan Clark, Senior Director of Program Development, DirectTrust
LinkedIn: Susan Clark
Clark on Connecting
Just as there are what I like to call Clonnections between people, there are also likely Clonnections between previous jobs or responsibilities that you had no idea would apply to what you’re doing now. At least, that is what’s happening to me at DirectTrust.
I’ve been thinking a lot lately about the decade I spent at Purdue University, including five years at the Purdue University Student Health Center. When I started, I was taking copays from patients and coding claims. Fast forward several years, and I was Health Information Management Director. Along the way I learned many things that are relevant now or have been relevant to me, including release of information, identity, international cultures, EHR implementations, supervising a large staff, and immunization records and compliance. But the two I want to focus on today are on learning to be a HIPAA compliance officer and emergency preparedness planning.
In terms of HIPAA training, I didn’t realize at the time that I had the most incredible opportunity to learn from the university’s HIPAA compliance officer. As it happened, the university HIPAA officer was housed in our building. I learned everything about HIPAA privacy and security from her. I learned how to develop, implement, and maintain HIPAA policies and how to perform risk analyses and auditing functions.
This was before any Meaningful Use incentives, and I didn’t find out until later that hardly anybody had that depth of HIPAA experience in healthcare practices yet. Before coming to DirectTrust, I also consulted on HIPAA policies and subcontracted on developing privacy policies for companies going for HITRUST certification. That knowledge also helped me obtain AHIMA certification, which led to 15 years of volunteering and ultimately has contributed to the expertise needed to run for president of the organization.
Fast forward to now, and what I do at DirectTrust on a daily basis directly relates to what I learned years ago. We do accreditations for privacy and security and for HITRUST certification. I talk to folks about why accreditation is important, and I understand what they’re doing in order to achieve that accreditation. I also can relate to other people who are maintaining a compliance program. That knowledge is super, super valuable, especially given the healthcare cybersecurity headlines right now.
At the Purdue University Student Health Center, I also learned a lot about emergency preparedness, which is critically important to hospitals, providers, vendors, and the business associates that support the industry. During this time, H1N1 and bird flu (sound familiar?) were making headlines, and I had the opportunity to work with the university and the county on emergency management plans.
We planned for mass casualties, plotted alternative sites of care, and brainstormed responses to other potential disasters so we could formulate solid plans to deal with the various potential contingencies. And that evolved into full business continuity, which includes, but extends far beyond, cybersecurity and HIPAA concerns. That was an awesome experience because I worked with a broader community, across campus and across the county.
DirectTrust recently announced a 60-day period of public comment and review of draft criteria for our new Emergency Preparedness Accreditation Program, part of a strategic partnership with CAIPHI. The program includes emergency preparedness policies, procedures, and guidance for the healthcare provider types covered by the provisions of the CMS Emergency Preparedness Rule: hospitals, critical access hospitals, hospice, long-term care, and rural emergency hospitals. The goal is to help hospitals improve their policies, practices, and processes, with an eye toward accreditation.
I’m excited to work in this emerging area while using knowledge and skills I learned long ago. That’s how personal Clonnections are made.