HIPAA poses greatest compliance challenges for information security

04 April 2011

The Health Insurance Portability and Accountability Act (HIPAA) is the most challenging information security regulation for businesses to implement, according to a survey by IT management products firm Ipswitch.

According to an Ipswitch survey of 100,000 network administrators, 38.2% said that HIPAA was the most challenging information security regulation to implement, followed by the Sarbanes-Oxley Act with 29.3% and the Federal Information Security Management Act with 9.3%.

“Enterprises, financial institutions and health care providers are under intense scrutiny to protect the confidential information of their patients and clients”, said Ennio Carboni, president of Ipswitch’s Network Management Division. “Regulations are updated regularly, as are the hackers’ and thieves’ methods of exploiting them.”

Kurt Johnson, VP of strategy and corporate development at identity and access management product firm Courion, noted that the Department of Health and Human Services’ HIPAA checklist is quite extensive.

“The overwhelming majority of those checklist items for IT are doing things such as establishing user access for new and existing employees, understanding individuals and contractors with access to electronic health information, terminating user access, and monitoring system use to see what is authorized and not authorized”, he told Infosecurity.

A major driver of HIPAA compliance is the health care industry’s move to electronic patient records. “You have this perfect storm brewing where you’ve got more electronic health information available than ever before, you’ve more people needing that data…and more electronic devices [to share the information] than ever before”, Johnson said.

In addition, “doctors are a pretty tough user base to deal with. They are well educated and think they know more about everything than anybody else, and that includes IT….So if you put too much security in front of them, they are going to subvert that process…in the name of patient care", he observed.

“The need for the medical community to share information in the name of patient care has given rise to a lot of security issues, such as…how from an IT security perspective do we put the proper controls in place to ensure that the people accessing the information have that need to know…while at the same time keeping out the people who don’t need it”, Johnson said.
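The access-control items Johnson lists (provisioning and terminating user access, knowing which staff and contractors can reach electronic health information, and reviewing system use for access that was not authorised) reduce in practice to reconciling the HR roster against the application's account list and audit trail. The following Python is an added example written for this page, not code from Infosecurity, Courion or Ipswitch; the roster, account list, audit-log format and role names are all constructed assumptions used only to show the checks.

```python
"""Access-review checks for an electronic health record (EHR) system.

Added example, not code from Infosecurity, Courion or Ipswitch. It models
three HIPAA checklist items mentioned in the article: disabling access when
employment ends, knowing which users and contractors can reach electronic
health information, and reviewing system use to separate authorised from
unauthorised access. All data below is constructed for illustration; the
field names, role names and log format are assumptions.
"""
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional


@dataclass(frozen=True)
class Person:
    user: str
    role: str                    # e.g. physician, nurse, billing, contractor
    terminated: Optional[date]   # None = still employed / under contract


# Constructed HR roster: the authoritative source of who should have access.
HR_ROSTER = [
    Person("dr.lee", "physician", None),
    Person("nurse.kim", "nurse", None),
    Person("bill.ortiz", "billing", None),
    Person("ctr.patel", "contractor", date(2011, 3, 15)),  # contract ended
    Person("dr.chen", "physician", date(2011, 2, 28)),     # left the hospital
]

# Constructed list of accounts still enabled in the EHR application.
EHR_ACCOUNTS = {"dr.lee", "nurse.kim", "bill.ortiz", "ctr.patel", "dr.chen", "svc.backup"}

# Roles with a treatment need to open a clinical chart (assumed policy).
CLINICAL_ACCESS_ROLES = {"physician", "nurse"}

# Constructed EHR audit log: ISO timestamp, user, action, record id.
AUDIT_LOG = """\
2011-03-01T08:02:11 dr.lee VIEW chart/4471
2011-03-02T09:15:40 dr.chen VIEW chart/4471
2011-03-16T13:44:02 ctr.patel EXPORT chart/5120
2011-03-17T10:05:33 bill.ortiz VIEW chart/4471
2011-03-17T10:06:01 bill.ortiz VIEW invoice/88213
2011-03-18T07:30:00 nurse.kim VIEW chart/4471
"""


def orphaned_accounts(roster, accounts):
    """Accounts that should already be disabled: those belonging to terminated
    staff, and those matching nobody in HR (an unowned shared or service account
    cannot be attributed to a person, so its use cannot be reviewed)."""
    by_user = {p.user: p for p in roster}
    orphans = {}
    for acct in sorted(accounts):
        p = by_user.get(acct)
        if p is None:
            orphans[acct] = "no HR record"
        elif p.terminated is not None:
            orphans[acct] = f"terminated {p.terminated.isoformat()}"
    return orphans


def parse_audit(text):
    """Yield (timestamp, user, action, record) from the constructed log format."""
    for line in text.splitlines():
        ts, user, action, record = line.split()
        yield datetime.fromisoformat(ts), user, action, record


def review_access(roster, log_text):
    """Flag audit events that violate termination or need-to-know rules.

    Returns a list of (user, timestamp, reason) tuples, in log order."""
    by_user = {p.user: p for p in roster}
    findings = []
    for ts, user, action, record in parse_audit(log_text):
        p = by_user.get(user)
        if p is None:
            findings.append((user, ts.isoformat(), "unknown user"))
            continue
        if p.terminated is not None and ts.date() > p.terminated:
            findings.append((user, ts.isoformat(), "access after termination"))
            continue
        if record.startswith("chart/") and p.role not in CLINICAL_ACCESS_ROLES:
            findings.append((user, ts.isoformat(), f"{p.role} viewed clinical record {record}"))
    return findings


if __name__ == "__main__":
    for acct, reason in orphaned_accounts(HR_ROSTER, EHR_ACCOUNTS).items():
        print(f"disable {acct}: {reason}")
    for user, ts, reason in review_access(HR_ROSTER, AUDIT_LOG):
        print(f"{ts} {user}: {reason}")
```

Run against the constructed data, the first check flags the two departed users whose accounts are still enabled and the unowned service account; the second flags a chart view by a physician after leaving, a contractor exporting a chart the day after the contract ended, and a billing user opening a clinical chart. In a real deployment the roster would come from the HR system and the log from the EHR's audit export, and the role-to-record policy would need to reflect the organisation's own minimum-necessary rules rather than the two-role assumption used here.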

The revision of the HIPAA rules and the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 have increased the regulatory compliance burden on organizations, Johnson observed. First, the changes have increased enforcement and fines. Second, the disclosure requirements for patient data breaches have been expanded significantly.

“If there is a breach, it has to be disclosed, not only to the individual, but via a media outlet….The requirement to notify is a significant concern to the hospital because they don’t want their name broadcast on the news due to a patient privacy violation”, he concluded.
