|
The KBOX HIPAA Approach
HIPAA Security Rule Overview
The compliance deadlines for the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Final Security Rule have come and gone. The deadline was April 21, 2005 for all covered entities, except small health plans which had until April 21, 2006, to comply.
While the HIPAA Privacy Rule covers protected health information (PHI) in all forms, the HIPAA Security Rule specifically applies only to PHI that is maintained, transformed, or transmitted in electronic form (e-PHI). The Security Rule is intended to ensure that covered entities meet the following objectives:
- Ensure the confidentiality, integrity and availability of all EPHI that the entity creates, receives, maintains, or transmits;
- Protect against any reasonably anticipated threats or hazards to the security or integrity of such information;
- Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the Privacy Rule; and
- Ensure compliance by the entity's workforce.
The Security Rule presents major challenges for virtually every covered entity in the HIPAA environment, no matter how big or how small. Covered entities include health plans, health care clearinghouses, and healthcare providers. In addition, business partners and associates who interact with covered entities are forced to deal with the same security issues as covered entities. Savvy IT professionals know all too well the amount of work they face in supporting HIPAA compliance. And your IT guys have enough on their plates without assuming the role of HIPAA police. But when faced with a challenge, they also appreciate that adding technologies for HIPPA Security Rule compliance is an opportunity to make improvements in overall IT security that increase the organization's bottom-line. It gives you a unique opportunity to see how you can improve IT services, address business process issues, bolster systems performance and increase uptime of your infrastructure. IT professionals today must look to new challenges, such as HIPAA, as opportunities to leverage existing technologies - not only to achieve compliance, but to add more value to the overall business.
KBOX IT Management Suite by KACE can help you fulfill your HIPAA Security Rule requirements and improve overall control and performance of your IT infrastructure. KBOX uniquely supports IT teams in their HIPAA Security Rule efforts with an easy-to-use, comprehensive, and affordable solution. This solution addresses a wide range of "Required" and "Addressable" technical, physical, and administrative safeguards mandated by the HIPAA Security Rule.
The HIPAA Security Rule, Why Do I Care?
Criminal penalties for HIPAA violations can include fines of up to $250,000 and 10 years in prison for the most serious of violations. Protecting patient information is serious business.
You don't have to go further than recent headlines to know why you should care about the HIPAA Security Rule. In May 2006, the Department of Veterans Affairs (VA) learned that an employee, a data analyst, took home electronic data from VA that was stored in his home on a laptop computer and external hard drive. He was not authorized to take this data home. Do you want to hear about an e-PHI security breach at your organization on the 11 o'clock news?
The stakes are clearly high. And it won't be long before more prosecutions are undertaken. The Seattle man took the heat for a cancer hospital consortium's security failure. However, the tide of responsibility shifted in June of 2006 when an authoritative new ruling by the Justice Department sharply limited the government's ability to prosecute people for criminal HIPAA violations. In its ruling, the Justice Department said that criminal penalties should apply to insurers, doctors, hospitals and other providers - but not necessarily to their employees or outsiders who steal personal health data.
What does this mean for your organization? In short, the Department said that people who work for an entity covered by HIPAA are not automatically covered by that law and may not be subject to its criminal penalties. But the insurer, doctor, hospital, or other provider that you work for can be prosecuted and filed. Someone is going to pay for HIPAA violations.
|
