Re: [ISN] Stimulus Package Includes New HIPAA Security Rules

From: InfoSec News <alerts_at_private>
Date: Mon, 23 Mar 2009 03:20:50 -0600 (CST)
Forwarded from: Caspian Kilkelly <Caspian (at) random-interrupt.org>

RE: HIPAA security rules-
These rules are basically a bare minimum for compliance, and don't 
usually end up passing muster for other standards (IHE, HITSP, HL7, the 
various ISOs, etc) which most hospital and care network administrators 
want to see. HIPAA is finally catching up with the rest of them, it 
seems.

The simplified version of this is as follows: any company that produces 
EHRs or other patient data management, handling or creation systems 
should have an audit system built in that can audit patient information 
access and changes. This is a minimum for most specifications, and the 
only reason it gets missed at an application level is that designers and 
coders, or their bosses, seem to think that the platform the app runs on 
should already have automatic logging.

In any case, it shouldn't actually affect the cost of EHR or other 
Medical IT system adoptions, since this should already be baked in.

Caspian Kilkelly (caspian (at) random-interrupt.org)

InfoSec News wrote:
> http://www.aafp.org/online/en/home/publications/news/news-now/government-medicine/20090318hipaa-security-rules.html
> 
> By Sheri Porter
> AAFP News Now
> 3/18/2009
> 
> The recently passed federal stimulus package includes changes to 
> federal health information privacy and security provisions under the 
> Health Insurance Portability and Accountability Act, or HIPAA, that 
> will affect physician practices. According to health care policy 
> experts, however, the extent of that impact remains to be seen.
> 
> The Health Information Technology for Economic and Clinical Health, or 
> HITECH, Act, which is intended to promote widespread adoption of 
> health IT, was incorporated into the American Recovery and 
> Reinvestment Act of 2009 (Page 144; 407-page PDF), which 
> was signed into law on Feb. 17.
> 
> According to provisions in the legislation, physicians now will be 
> required to track any disclosure of a patient's medical information. 
> Previous regulations allowed physicians to disclose patient 
> information for the purpose of treatment, payment or health care 
> operations, but they were not required to track when that information 
> was disclosed.


Received on Mon Mar 23 2009 - 02:20:50 PDT
