subject: Advancement In Technology And The Changing Landscape Of Information Security In Health Information [print this page] As Health Records are converted to electronic records, there is likely coming a paradigm shift. Nowadays a patient's lab results can be sent to a Smartphone, where the doctor can text or email her orders based on those findings, all within seconds. A nurse can instantly check a patients charts or emergency room status on any portable device or laptop. Soon enough, it may be the case that a patient's records can be sent electronically to a treatment facility in another city or country, or even just around the block, so that care may be coordinated.
The caveat to the convenience is that electronic records are far easier to alter, and come with their own slew of privacy problems that paper documents never had. In the Security Rule, HIPAA law touches on a number of these issues. The rules comprising HIPAA and its associative Privacy and Security rules, total nearly one-thousand pages. Making sure that these laws are implemented correctly, generally requires both HIPAA lawyers and HIPAA Consulting entities to work together. The problem with information is both in its relative size and transportability. Tons and tons of information can be held in tinier and tinier mediums. In a world where highly sensitive information can be held on a piece of hardware that is no bigger than a bit of change (which we know oftentimes finds its way out of our pockets), there is an increasing danger in the transportation of information. Similarly, many caregivers, accustomed to electronic communication on a social level or in professional activities which concern less sensitive information, often fail to take the precautions required with regard to health data. For example, they may text other caregivers or patients, without consideration of whether the media or networks utilized are secure from interception.
The Health insurance portability and accountability act Security Rule addresses these concerns through requiring that Protected Health Information ("PHI") be encrypted during storage and transmission, in accordance with the standards set forth within a Guidance published through the DHHS during April, 2009. Department of health and human services has been mandated, by the changes made to hIPAA within the HITECH Act, to make periodic "spot audits" of hospitals with regard to privacy and security. Obviously, a hospital should possess its Health insurance portability and accountability act attorneys in the facility working on security precautions well before such an inspection happens.
Health insurance portability and accountability act consulting entities, working with a crowd comprising IT, Records, Legal and the outside Health insurance portability and accountability act attorneys should embark upon a healthcare compliance security initiative by means of assessing existing security technical protections as well as administrative security processes (i.e., how electronic health information is used and also transmitted), revising those protocols when considered necessary, as well as teaching the employees on implementation of the new policies and procedures. Health insurance portability and accountability act law, in 2010, is one of the major standards of healthcare compliance, and the hospital will realize the necessary standard most cost-effectively by means of commencing bringing together the Health insurance portability and accountability act lawyers and hIPAA consulting teams with the hospital stakeholders early enough to realize workable tactics in information security.
