Health-Care Security Under Scrutiny

Many health-care firms and insurers are struggling to achieve compliance with data-security mandates associated with the Health Insurance Portability and Accountability Act (HIPAA). A study earlier this year of 400 health-care firms and 220 companies by the Healthcare Information Management Systems Society (HIMSS) found that only 18 percent of providers and 30 percent of insurers said they would be compliant by the April deadline.

In addition, a report by the American Health Information Management Association found that while 17 percent of respondents to a survey said they were completely compliant at the time of the survey, 43 percent said they were 85 percent to 95 percent compliant, 26 percent said they were about 50 percent compliant, and 12 percent said they were less than 50 percent compliant. Those that were behind on implementations generally cited resource conflicts with other necessary IT projects, such as the implementation of electronic health records at larger facilities, according to the report.

The HIPAA security rules require that there be fully auditable steps for controlling access to confidential electronic health data, as well as protection against misuse and possible compromises, but do not include any specific technologies that need to be adopted. Health-care organizations can face a $25,000 violation penalty, but enforcement will only be initiated if a complaint is filed against the organization.

id
unit-1659132512259
type
Sponsored post