Patient Information - The HIPAA Challenge
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 has fostered the use of electronic transactions, simplifying healthcare administration and reducing overhead. However, the...
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 has fostered the use of electronic transactions, simplifying healthcare administration and reducing overhead.
However, the computerization of patient records has created an increased security risk from various sources, such as intrusion attempts, unauthorized internal access and other security attacks. HIPAA therefore mandates security measures be taken to protect sensitive data, ensuring that only patients and their healthcare providers have access to patient medical information. According to the Final Rule of the Act’s Health Insurance Reform: Security Standards, HHS states:
“Section 1173(d) of the Act provides that covered entities that maintain or transmit health information are required to maintain reasonable and appropriate administrative, physical, and technical safeguards to ensure the integrity and confidentiality of the information and to protect against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized use or disclosure of the information. These safeguards must also otherwise ensure compliance with the statute by the officers and employees of the covered entities.”
The Title II Administrative Simplification Security Rule states that specific security issues related to transmitting and storing patient data must be addressed. Safeguard initiatives where solutions must be implemented include:
To comply with HIPAA regulations and protect patient information, healthcare organizations need to update their legacy computer systems, ramping up their information security capabilities, and defining and implementing business processes that align with security objectives.
The HIPAA Security Standards do not specify particular technology requirements, so each affected healthcare organization must assess its own risk and develop security measures accordingly. Organizations must then certify their security programs through self-certification or by a private accreditation entity.
Source: Free Articles from ArticlesFactory.com
ABOUT THE AUTHOR
Katherine Janiszewski plays a crucial role as Marketing Manager of netForensics. Founded in 1999, netForensics is based on a culture of excellence and innovation. Their team of leading experts understands the ever-evolving security threat and compliance needs of today’s organizations, including HIPAA Data. For more information, visit netForensics.com.