HIPAA 101
Laura Taylor
11/29/2002
HIPAA (Public Law 104-91) stands for the Health Information Portability and Accountability Act, and the goal of this regulation is to protect personal information in consumer health records. HIPAA is regulated by the U.S. Department of Health and Human Services and has vast information security ramifications for healthcare providers and their affiliate organizations. The original HIPAA deadline was October 15, 2002; however, qualified organizations that filed an extension have until April 14, 2003 to comply. Small healthcare providers have until October 16, 2003 to comply.
Where Did HIPAA Come From?
HIPAA was enacted by Congress and signed into law by President Clinton on August 21, 1996. The goal of HIPAA is to ensure that healthcare providers secure electronic records about patients in the same manner that hardcopy records are secured. By securing records, the healthcare industry can improve its level of service, since improved security will lead to greater adoption of electronic transactions. One of the reasons HIPAA was enacted is that the U.S. Federal Government wants all Medicare transactions to occur electronically by October 16, 2003. Before Congress could mandate that Medicare patient records be handled electronically, the security and privacy of patient records needed to be guaranteed.
Congress enacted HIPAA in response to the growing use of the Internet and electronic transactions. HIPAA is a privacy law that protects consumers from having their personal health information misused by insurance companies, employers, and anyone else who may try to exploit, disclose, or publish it. In the Federal Register, HIPAA is more informally known as the Privacy Rule.
HIPAA is far more complex than the Year 2000 date problem that information technology administrators faced in 1999, and that is why there are few guidelines available and few organizations providing compliance services.
Impact of HIPAA
HIPAA is not only good for consumers, it is also good for healthcare providers. By complying with the due diligence that HIPAA requires, healthcare providers can reduce the risk of litigation and help build patient loyalty. If records are secured properly, the risk of their being stolen or viewed by people who are not working in the best interest of the patient is reduced.
A wide variety of people and organizations are affected by HIPAA including:
- Hospitals
- Doctors
- Dentists
- Medical Labs
- Pharmacies
- Pharmaceutical Companies
- Health Insurance Providers
- Consumers
There are both civil and criminal penalties possible for non-compliance, and the Department of Justice has discretion over how stiff to make the penalties. The maximum is $100.00 per violation. That may not sound like much, but if a database of 10,000 patients gets inadvertently exposed to an insurance provider, the penalties add up quickly.
Help for HIPAA Audits
There are only a handful of auditing tools that can help organizations become HIPAA compliant. These tools have not been certified, and using them is no guarantee that all HIPAA requirements will be met. However, these tools do have built-in HIPAA modules and, if used properly, can help reduce the risk of failing a HIPAA audit. These tools include:
Healthcare providers will need to conduct a Security Audit, a Privacy Audit, and an online penetration test so that they can put together a list of items requiring corrective action. Conducting security and privacy audits means that all current policies and procedures are reviewed and analyzed for deficiencies. In this short article, it is not possible to cover everything you will need to do to help your organization become HIPAA compliant, but here are some tasks that should definitely be on your list to help you get started.
Tasks Related to System Security
These tasks will help ensure that systems, data, and networks are secured properly:
- Make sure you have procedures for data backups
- Make sure you have an authentication mechanism that verifies user identity
- Make sure you have policies and procedures for user authentication
- Make sure you have encryption policies and procedures for record transactions
- Ensure that policies and controls exist to monitor data integrity
- Verify that anti-virus tools exist to prevent data corruption and tampering
- Ensure password policies are documented and understood by all users
- Make sure procedures for handling electronic media (CDs, tapes, cartridges) are documented