Information Security News mailing list archives

Re: Stimulus Package Includes New HIPAA Security Rules


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 23 Mar 2009 03:20:50 -0600 (CST)

Forwarded from: Caspian Kilkelly <Caspian (at) random-interrupt.org>

RE: HIPAA security rules-
These rules are basically a bare minimum for compliance, and don't 
usually end up passing muster for other standards (IHE, HITSP, HL7, the 
various ISOs, etc.) which most hospital and care network administrators 
want to see. HIPAA is finally catching up with the rest of them, it 
seems.

The simplified version of this is as follows: any company that produces 
EHRs or other patient data management, handling or creation systems 
should have an audit system built in that can audit patient information 
access and changes. This is a minimum for most specifications, and the 
only reason it gets missed at an application level is that designers and 
coders, or their bosses, seem to think that the platform the app runs on 
should already have automatic logging.

In any case, it shouldn't actually affect the cost of EHR or other 
Medical IT system adoptions, since this should already be baked in.

Caspian Kilkelly (caspian (at) random-interrupt.org)

InfoSec News wrote:
http://www.aafp.org/online/en/home/publications/news/news-now/government-medicine/20090318hipaa-security-rules.html

By Sheri Porter
AAFP News Now
3/18/2009

The recently passed federal stimulus package includes changes to 
federal health information privacy and security provisions under the 
Health Insurance Portability and Accountability Act, or HIPAA, that 
will affect physician practices. According to health care policy 
experts, however, the extent of that impact remains to be seen.

The Health Information Technology for Economic and Clinical Health, or 
HITECH, Act, which is intended to promote widespread adoption of 
health IT, was incorporated into the American Recovery and 
Reinvestment Act of 2009 (Page 144; 407-page PDF), which 
was signed into law on Feb. 17.

According to provisions in the legislation, physicians now will be 
required to track any disclosure of a patient's medical information. 
Previous regulations allowed physicians to disclose patient 
information for the purpose of treatment, payment or health care 
operations, but they were not required to track when that information 
was disclosed.

