May 27, 2025
It used to be that ODH surveys focused on
wound care, staffing ratios, and infection control. But lately, I'm hearing
from administrators across Ohio: "They're asking about passwords now."
And it's true. ODH, CMS, and accrediting
bodies are quietly raising the bar on cybersecurity expectations.
"The best time to fix the roof is when
the sun is shining."
—John F. Kennedy
What's New in ODH Inspections
- Role-based access checks: Are you
limiting EHR access based on job duties?
- Incident documentation: Do you have
written protocols and logs for cyber events?
- Training logs: Can you prove your
staff completed HIPAA or phishing awareness education?
A 2025 bulletin from the Ohio Department of
Health confirmed that IT policies and risk mitigation steps will now be
reviewed "as part of a facility's overall operational safety."
Real Story: A Near Miss
One administrator shared that during an
inspection this spring, a surveyor noticed multiple staff members logged into a
shared kiosk—without unique credentials. That triggered a deeper review, which
nearly resulted in a citation.
"The difference between good and great
organizations is often the distance between knowing and doing."
—Jim Collins
What You Can Do This Week
- Check your staff login process—are credentials being shared?
- Review your IT incident response plan—does everyone know where
it's stored?
- Keep a 1-pager by the admin desk listing who to contact for
cyber incidents.
Don't wait for the knock on the door to get
your digital house in order.
Interested in a conversation or want to learn more? Call us or email [email protected].
