HIPAA Pain: How To Cope

  /     /     /  
Publicated : 22/11/2024   Category : security

HIPAA Pain: How To Cope


Although providers worry about hugh fines for leaking patient data, keeping this information secure isnt that hard--but it soon will be.




Download the entire September 19, 2011 issue of
InformationWeek Healthcare
, distributed in an all-digital format as part of our
Green Initiative
(Registration required.)
We will plant a tree for each of the first 5,000 downloads.
As information technology pervades every aspect of healthcare, complying with federal regulations on patient privacy and security is becoming an even bigger issue.
More often than not, its human error and process mistakes--not the technology itself--that have caused the biggest HIPAA violations. Earlier this year, the Department of Health and Human Services began listing health data breaches affecting 500 or more individuals on www.hhs.gov. As of late August, 306 HIPAA violations were listed on HHSs Hall of Shame site, most of them involving stolen or lost computers, USB drives, or documents, not hacking or snooping.
In one of the largest penalties so far since the revised HIPAA rules were signed into law under the HITECH Act in 2009, Massachusetts General Hospital in February was fined $1 million to settle what HHS called potential HIPAA violations related to the loss of paper documents listing names, appointments, and other information for 192 patients of Mass Generals infectious disease outpatient practice. A Mass General employee commuting to work left the documents on a train.
According to HHS, the governments investigation of the incident indicated that Mass General failed to implement reasonable, appropriate safeguards to protect the privacy of PHI when removed from Mass Generals premises and impermissibly disclosed PHI potentially violating provisions of the HIPAA Privacy Rule.
How IT Departments Are Coping
The revised HIPAA regulations have forced IT organizations to put more emphasis on data in transit, says Mony Weschler, director of ancillary informatics at Montefiore Medical Center in New York. When it comes to electronic communications with patients, its not just as simple as cutting a report and emailing it. You cant do that, Weschler says. Rather, healthcare providers need to set up secure passwords and IDs, and then provide patients with links to patient portals to pull reports up, he says.
Securing patient data on mobile devices--which are at the center of many of the data breaches reported on the HHS site--isnt an issue for Montifiore. We dont store patient data on devices like smartphones and iPads.
Unfortunately, securing doctor-patient communication isnt the only HIPAA issue keeping IT managers up at night. Any data exchanged among clinicians also has to be secure.
Dell, through its Perot services unit, offers products and services to address those needs. Its cloud-based services, for instance, can encrypt medical images three ways, before, during, and after transmission, says Dave Marchand, Dells health and life sciences CTO.
To read the rest of the article,
Download the September 2011 issue of
InformationWeek Healthcare

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
HIPAA Pain: How To Cope