Information Security News mailing list archives
Re: Stimulus Package Includes New HIPAA Security Rules
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 23 Mar 2009 03:20:50 -0600 (CST)
Forwarded from: Caspian Kilkelly <Caspian (at) random-interrupt.org> RE: HIPAA security rules- These rules are basically a bare minimum for compliance, and don't usually end up passing muster for other standards (IHE, HITTSP, HL7, the various ISOs, etc) which most hospital and care network administrators want to see. HIPAA is finally catching up with the rest of them, it seems. The simplified version of this is as follows- any company that produces EHRs or other patient data management, handling or creation systems should have an audit system built in, that can audit Patient information access and changes. This is a minimum for most specifications, and the only reason it gets missed at an application level is that designers and coders, or their bosses seem to think that the platform the app runs on should already have automatic logging. In any case, it shouldn't actually affect the cost of EHR or other Medical IT system adoptions, since this should already be baked in. Caspian Kilkelly (caspian (at) random-interrupt.org) InfoSec News wrote:
http://www.aafp.org/online/en/home/publications/news/news-now/government-medicine/20090318hipaa-security-rules.html By Sheri Porter AAFA News Now 3/18/2009 The recently passed federal stimulus package includes changes to federal health information privacy and security provisions under the Health Insurance Portability and Accountability Act, or HIPAA, that will affect physician practices. According to health care policy experts, however, the extent of that impact remains to be seen. The Health Information Technology for Economic and Clinical Health, or HITECH, Act, which is intended to promote widespread adoption of health IT, was incorporated into the American Recovery and Reinvestment Act of 2009, (Page 144; 407-page PDF; About PDFs) which was signed into law on Feb. 17. According to provisions in the legislation, physicians now will be required to track any disclosure of a patient's medical information. Previous regulations allowed physicians to disclose patient information for the purpose of treatment, payment or health care operations, but they were not required to track when that information was disclosed.
_______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/
Current thread:
- Stimulus Package Includes New HIPAA Security Rules InfoSec News (Mar 20)
- <Possible follow-ups>
- Re: Stimulus Package Includes New HIPAA Security Rules InfoSec News (Mar 23)