Thought Paper

HIPAA Security Final Rule

Abstract
In the past decade, worldwide, there have been several initiatives for the automation of Healthcare Information Management. Health Care Organizations (HCOs) are developing and/or implementing software applications to handle critical and individually identifiable health and healthcare data of their customers. HCOs have implemented applications to manage and provide access to health information. Various mechanisms like electronic records, data repositories, networking, and internet access are employed for data collection, storage, and delivery.
This automation, including web-enablement, has increased concerns of the Government and the healthcare industry about the integrity and confidentiality of healthcare data. The threat to confidentiality arises from factors such as illegal access, hacking, or interception during data transmission.
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) deal with the requirement of establishing national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. They also address the security and privacy of health data.
Standards and measures for securing protected health information (PHI) are discussed in the HIPAA Security Final Rule. Covered entities under HIPAA, including health plans, health care providers, and health care clearinghouses, need to ensure compliance with the HIPAA Security Final Rule by April 20, 2005.
This white paper discusses the HIPAA Security Final Rule and compares it with the proposed rule. A robust framework for ensuring compliance with the HIPAA Security Final Rule is also described.