Identity Management and HIPAA:
Many industries are today undergoing sweeping changes due to increased governmental regulations that have a dramatic impact on their business processes as well as IT infrastructure. One of the most important of these regulations is the Health Information Portability and Accountability Act, known as HIPAA. It often requires significant process and technology changes for any healthcare company that manages and processes private health information. A major goal of the HIPAA regulations is to ensure the privacy of any protected health information (PHI) for any individual that is collected, processed, and transmitted between healthcare organizations.
Many companies and organizations have been and continue to be impacted by HIPAA. These include healthcare providers (hospitals, group practices), payers (insurance carriers, HMOs), as well as claims clearinghouses, pharmacies, and the like. It is therefore important that the specific requirements of HIPAA, as well as how certain technology solutions can aid you in achieving conformance, are widely understood.
HIPAA specifies a control environment where organizations can manage their relationships with internal and external users throughout their lifecycle with the company, from initial creation of the user's identity to final access termination. Since most of the PHI is managed electronically, how this digital information and the related identities are managed becomes a key component of overall HIPAA compliance. eTrustTM Identity Management solutions for Computer Associates International, Inc. (CA) can help you more easily manage your user identities, control access to protected applications and information, and ensure that PHI is available only to properly authorized individuals.
As you plan your HIPAA compliance strategy, you will be faced with issues such as these. eTrust Identity Management solutions can help you efficiently solve these problems:
1. How can I ensure that every user is strongly authenticated and is granted access to only those resources and information that they are authorized to access?
2. How can I protect the confidentiality of my patient information and ensure that it is kept private?
3. How can I audit my access policies, so that I can determine who has been granted access to specific applications or information?
4. How can I create workflow processes so that appropriate management approval is required whenever a user requests access to confidential information?
5. How can I ensure that access to confidential information is terminated immediately when an employee leaves the company?
6. How can I protect confidential information, even across the boundaries of business units within a large corporation, or between corporations themselves?
7. How can I develop procedures for creating and changing passwords, so that my environment has stronger security?
How eTrust Identity Management Can Help You Achieve HIPAA Compliance
HIPAA includes requirements for a range of areas relating to protected health information.
