In response to the 1996 Health Insurance Portability & Accountability Act
(HIPAA), many health care organizations have begun replacing paper records with
electronic medical records (EMRs). The key passage in HIPAA's Privacy standard
is Section 142.308 of Subpart C, Security and Electronic Signature Standards,
which stipulates that health care organizations must meet the technical
requirements that guard data integrity, confidentiality and availability. These
requirements include access control, authorization control, data
authentication, user authentication, data encryption and audit controls.

At the same time, health care providers face legal and civil penalties for
failing to comply with HIPAA. These penalties can be daunting: fines of up to
$250,000 and terms of imprisonment of up to ten years. Given the severity of
these penalties, it's imperative for health care organizations to implement
processes and technology that prevent any potential liability due to
non-compliance. These include:
- Developing a security and risk management strategy
- Creating a comprehensive privacy strategy
- Creating security awareness programs to educate employees
- Devising plans for network resiliency in the event of a cyber terrorist attack
- Best practices planning for network security, with particular emphasis on
HIPAA security requirements