In Brief
HIPAA Hooray!
OK, maybe you're not doing cartwheels. But for companies staring down HIPAA (the Health Insurance Portability and Accountability Act) it's time to hit the mats.
By Daintry Duffy
September 04, 2002 — CSO — OK, maybe you're not doing cartwheels. But for companies staring down HIPAA—the Health Insurance Portability and Accountability Act—it's time to hit the mats.
Large portions of the 1996 bill that standardizes electronic data interchange for health-care organizations and protects the confidentiality and security of health-related data are finally nearing enactment. Companies affected by HIPAA—including health-care providers, employers, life insurers and universities—are facing an Oct. 16, 2002, compliance date for the electronic standards portion of HIPAA and an April 14, 2003, compliance date for the privacy standards.
Because the regulations for the security standards portion of the bill won't be introduced until late this year, CSOs might be tempted to put their preparations off, but that would be a mistake. "You can't have privacy without security," notes Brian Wyatt, an associate in the health-care group at Ropes & Gray law firm in New York City. CSOs will play a critical role in implementing and enforcing the policies and procedures that govern who has access to protected health information, deciding how information is used within the organization and ensuring that business partners that have access to employee health information implement similar access controls.
Wyatt notes that his team frequently sees that individuals in companies who perform clerical tasks like billing are actually able to access specific individual health-care information because the access codes in the information systems are improperly configured. These kinds of problems will fall largely to the CSO and security team to fix.
CSOs in many companies are also going to find that they have a new executive partner to work with courtesy of HIPAA. The privacy regulations require that affected companies have an individual responsible for ensuring that privacy policies are followed. In large companies that may mean the appointment of a chief privacy officer.
Other stories by Daintry Duffy
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Discover whether hosting is your smartest choice for enterprise messaging.
To host or not to host? Thats the question for many CIOs as the volume and complexity of enterprise messaging continues to skyrocket.
- Understanding Data Location is Imperative for Data Loss Prevention
- Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
- Enterprise Management Associates: Taking the Botnet Threat Seriously
- Controlling High Fraud Risk of International Transactions
- 5 Strategies for Reducing the High Cost of Online Consumer Authentication
- Solving Online Credit Fraud Using Device Reputation
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
