Challenges for Information Security: Are You Prepared?
In 1996, the Health Insurance Portability and Accountability Act was passed with provisions subtitled Administrative Simplification. The goals of the legislation are to reduce the administrative costs of healthcare, to develop standard transactions for consistency industry wide, to require broad security and disaster recovery protections for “individually identifiable healthcare information”, to promote confidentiality of patient records and to provide an incentive for the healthcare companies to communicate electronically. The result should lead to greater efficiency and effectiveness of healthcare systems through the development of a health information system with established standards and requirements for the electronic transmission of health information. HIPAA is the first ever national regulation on medical privacy and is the most far-reaching federal legislation involving health information management affecting the use, release and transmission of private medical data. Health care providers will need to be in compliance with HIPAA as penalties are significant for non-compliance.
Today, health information is accessed from multiple locations by multiple healthcare providers or health plans. Along with this great promise, however, come increased threats in terms of privacy and security of medical information. HIPAA promotes adoption of lower cost Internet technology. The Internet will probably be the platform of choice in the near future for processing health transactions and communicating information and data. Therefore, information security is of paramount importance to the future of any health care program.
HIPAA has important implications for all healthcare providers, payers, patients, and other stakeholders. The Administrative Simplification standards are lengthy and complex, with immediate impact being placed on the following areas:
-
Technical practices and procedures to insure data integrity, security, and availability of healthcare information
-
Privacy regulation and the confidentiality of patient information
-
Standardization of electronic patient administrative and financial data
-
Unique identifiers for providers, health plans, and employers
-
Changes to most healthcare transaction and administrative information systems
HIPAA impacts every healthcare organization from the largest health plan to the smallest physician practice.