Security Focus: White Papers: Roadmap to HIPAA Security Compliance
Interprise Security Group, Inc.
Overview
The Healthcare Insurance Portability and Accountability Act of 1996 was created in part to provide
healthcare consumers with confidence in the security and personal confidentiality of their health
related information. The security provisions of HIPAA describe requirements for protection of all
information that contains personal consumer information, in addition to network and corporate security
policies and procedures. These provisions outline implementation-independent requirements, leaving
the detailed mechanisms for meeting the requirements open to interpretation. In August of 1999,
President Clinton and the Secretary of Health and Human Services outlined specific civil punishments
for each incident where personal information is intentionally or accidentally released. In addition,
they also described a timeline for compliance, with a final compliance deadline for the security
provisions in late 2002.
Currently the separate provisions of HIPAA are in final review, and are expected to be published over
the next several months. Unlike the Year 2K scenario, there is no doubt that preparation is needed
to ensure compliance by the final deadline. Estimates of the cost to the Healthcare Industry to meet
the requirements of HIPAA range from $8,000,000,000 to a high of $43,000,000,000, but proper analysis
and implementation of solutions to meet these requirements will help to minimize the total costs.
Many organizations may already comply with some of the proposed requirements of the security
provisions, or may have started to develop a timeline to meet the deadlines. Interprise Security
Group, Inc. is uniquely positioned to ensure that whatever your current situation, your organization
will effectively and efficiently comply with the requirements of HIPAA by the compliance deadline.
Why ISG?
Interprise Security Group has leveraged our extensive knowledge of both the security industry and the
enterprise application integration industry into a complete and detailed process for helping your
organization build a Roadmap to HIPAA compliance. We have more than 20 years of security experience,
in addition to delivery of more than thirty enterprise application integration solutions in healthcare
and other business to business environments.
We have analyzed the current and proposed requirements HIPAA places on the healthcare organization,
and developed a step-by-step process to not only assess an organization's current compliance state,
but to also provide recommendations for your remaining security needs. Once customized for your
organization, our Roadmap will lead you step by step towards successful integration of HIPAA
requirements and your business operations.
Why Now?
The Y2K process is fresh in our minds, and some lessons can be learned from how the scenario was
handled by most organizations. The very root of the situation was a lack of vision: designers
and developers in the past never imagined that the systems they produced would be around in the next
century, and took shortcuts during implementation of their applications. While the process undertaken
to ensure Y2K compliance may in hindsight appear to have been overkill, there are several fundamental
differences between the requirements of HIPAA and the fears the Y2K bug brought upon us:
Existence
Many now believe that the Y2K situation was blown out of proportion. This may very well be true, but
the requirements outlined in the security provisions of HIPAA are not only good business sense, but
they will also be required by law. We feel it is fundamentally important that organizations that fall
under HIPAA not allow budgeting and resource management backlash from their experiences with the Y2K
process to affect their positions on HIPAA compliance.
Timeline
Some organizations were hampered by budgeting constraints in their attempts to become Y2K compliant.
The HIPAA compliance timeline allows visionary organizations to smoothly and efficiently meet the
security requirements with minimal cost and impact on operations, but only if those organizations act
proactively.
Opportunity
Beginning the Roadmap to Compliance early is the best way to ensure that all of your needs will be
met. As HIPAA compliance deadlines approach, many companies may find themselves without available
partners to aid their process. By bringing Interprise Security Group into your compliance solution
from the beginning, you will ensure that the security resources required to meet the HIPAA deadlines
will be recognized and allocated.
Efficiency
Compliance with the HIPAA security provisions may not be an easy task. Depending on the current
status of your security posture, it may take an extended period of time to incorporate a compliant
security posture into your existing business operations. With a detailed plan for achieving compliance,
you can maximize your resource effectiveness by starting strong and early. A customized Roadmap will
help you ensure that every requirement within the security provisions will be covered, without wasting
time and money discovering problems along the way.
What's Next?
Internal Risk Assessment
Most organizations have already begun HIPAA compliance risk assessments, according to a survey taken
by HIPAAlert, an organization dedicated to helping organizations monitor the HIPAA requirements, which
may be visited at http://hipaalert.com. It is important to recognize the impact that HIPAA compliance
will have on health organizations, and the resources required to ensure compliance by the deadlines.
Resource Allocation
We suggest that organizations appoint a HIPAA Compliance Officer to oversee their compliance process.
In addition, the HIPAA security provisions dictate that an entity be assigned responsibility for
security compliance. A tentative budget and timeline should be developed early in the process.
Information Gathering
Identification of assets that will help you efficiently meet the HIPAA requirements is also very
important. There is a wealth of information, speculation, and misguided guesses about the impact of
HIPAA on health related organizations, but there are also resources available to aid Compliance
Officers. We suggest the following links as good sources for accurate information:
HealthExecOnline: HIPAALERT: http://hipaalert.com
The DHHS Administrative Simplification site: http://aspe.hhs.gov/admnsimp
The Joint Healthcare Technology Alliance: http://www.jhita.org
FAQ about Security and Electronic Signature Standards: http://aspe.hhs.gov/admnsimp/faqsec.htm
Compliance Partners
Selection of partners to ensure your HIPAA compliance will allow you to maximize your efficiency.
Partnering with Interprise Security Group brings extensive security and healthcare experience to your
compliance team, ensuring that your organization will meet your goals with minimum impact on your
resources.
If you would like additional information about our Roadmap to HIPAA Compliance, or related Network
Security concerns, please contact a representative.
Greater Atlanta:
Stephen Zepp
[email protected]
(678) 354-9367
Outside Atlanta:
Steve Zepp
[email protected]
(407) 855-5095
For More Information Contact:
Interprise Security Group
7314 Carriage Creek Road, Woodstock, GA 30189
Tel: +1 (770) 517-2685
FAX: +1 (770) 517-2685
Internet: [email protected]
© 2000 Interprise Security Group, Inc.