Firewall Wizards mailing list archives
HIPAA: Infosec in Healthcare
From: "Tobia,Paul" <PTOBIA () cerner com>
Date: Tue, 2 Nov 1999 13:31:57 -0600
This past Friday (10/29/99) President Clinton spoke about an initiative to set federal standards regarding the privacy of medical information that is stored electronically (http://www.whithouse.gov/WH/New/html/19991029.html). This is directly related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA is a federal law that in part sets a standard for the privacy and security of individually identifiable medical information that is stored or transmitted electronically.

HIPAA will have an effect on every security professional that interacts with healthcare. Whether you directly work for a healthcare company, or you sell products or services to a healthcare company, knowledge of the standards set by HIPAA is important. What follows is a brief history of HIPAA, explanation of the future of HIPAA, and many links to get the raw information about HIPAA.

HIPAA required Congress to enact comprehensive national medical record privacy standards by Aug. 21, 1999. If Congress was unable to meet that deadline, HIPAA required the Secretary of Health and Human Services (HHS) to issue final regulations by Feb. 21, 2000. Congress has failed to set any standards required by HIPAA so HHS is stepping in. Clinton announced the latest HHS proposal last Friday. All HHS proposals from the recent privacy plan to security and electronic signature standards can be found at their website (http://aspe.hhs.gov/admnsimp/). These proposals will most likely become law sometime in early 2000 and will need to be fully implemented 2 years after that.

I highly recommend reading the Security and Electronic Signature Standards, which can be found at the HHS website or in the federal registry of August 12, 1998:

http://erm.aspe.hhs.gov/ora_web/plsql/erm_rule.rule?user_id=&rule_id=62
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=1998_register&docid=98-21601-filed.pdf

This proposal sets standards for information security policy, procedures, and technology for facilities that handle identifiable electronic medical information and contains a good reference to other similar standards.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Paul R. Tobia, Network Security Engineer
Cerner Corporation

"The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him."
The Art of War - Sun Tzu