Firewall Wizards mailing list archives

HIPAA: Infosec in Healthcare


From: "Tobia,Paul" <PTOBIA () cerner com>
Date: Tue, 2 Nov 1999 13:31:57 -0600


This past Friday (10/29/99) President Clinton spoke about an initiative to
set federal standards regarding the privacy of medical information that is
stored electronically (http://www.whithouse.gov/WH/New/html/19991029.html).
This is directly related to the Health Insurance Portability and
Accountability Act of 1996 (HIPAA).

HIPAA is a federal law that in part sets a standard for the privacy and
security of individually identifiable medical information that is stored or
transmitted electronically.  HIPAA will have an effect on every security
professional that interacts with healthcare.  Whether you directly work for
a healthcare company, or you sell products or services to a healthcare
company, knowledge of the standards set by HIPAA is important.

What follows is a brief history of HIPAA, explanation of the future of
HIPAA, and many links to get the raw information about HIPAA.  

HIPAA required Congress to enact comprehensive national medical record
privacy standards by Aug. 21, 1999. If Congress was unable to meet that
deadline, HIPAA required the Secretary of Health and Human Services (HHS) to
issue final regulations by Feb. 21, 2000.  Congress has failed to set any
standards required by HIPAA so HHS is stepping in.  Clinton announced the
latest HHS proposal last Friday.

All HHS proposals from the recent privacy plan to security and electronic
signature standards can be found at their website
(http://aspe.hhs.gov/admnsimp/).  These proposals will most likely become
law sometime in early 2000 and will need to be fully implemented 2 years
after that.

I highly recommend reading the Security and Electronic Signature Standards,
which can be found at the HHS website or in the federal registry of August
12, 1998:

http://erm.aspe.hhs.gov/ora_web/plsql/erm_rule.rule?user_id=&rule_id=62
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=1998_register&docid=98-21601-filed.pdf

This proposal sets standards for information security policy, procedures,
and technology for facilities that handle identifiable electronic medical
information and contains a good reference to other similar standards.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Paul R. Tobia, Network Security Engineer
Cerner Corporation
"The art of war teaches us to rely not on
the likelihood of the enemy's not coming,
but on our own readiness to receive him."
                 The Art of War - Sun Tzu
