In Brief
HIPAA Hooray!
OK, maybe you're not doing cartwheels. But for companies staring down HIPAA (the Health Insurance Portability and Accountability Act) it's time to hit the mats.
By Daintry Duffy
September 04, 2002 — CSO — OK, maybe you're not doing cartwheels. But for companies staring down HIPAA—the Health Insurance Portability and Accountability Act—it's time to hit the mats.
Large portions of the 1996 bill that standardizes electronic data interchange for health-care organizations and protects the confidentiality and security of health-related data are finally nearing enactment. Companies affected by HIPAA—including health-care providers, employers, life insurers and universities—are facing an Oct. 16, 2002, compliance date for the electronic standards portion of HIPAA and an April 14, 2003, compliance date for the privacy standards.
Because the regulations for the security standards portion of the bill won't be introduced until late this year, CSOs might be tempted to put their preparations off, but that would be a mistake. "You can't have privacy without security," notes Brian Wyatt, an associate in the health-care group at Ropes & Gray law firm in New York City. CSOs will play a critical role in implementing and enforcing the policies and procedures that govern who has access to protected health information, deciding how information is used within the organization and ensuring that business partners that have access to employee health information implement similar access controls.
Wyatt notes that his team frequently sees that individuals in companies who perform clerical tasks like billing are actually able to access specific individual health-care information because the access codes in the information systems are improperly configured. These kinds of problems will fall largely to the CSO and security team to fix.
CSOs in many companies are also going to find that they have a new executive partner to work with courtesy of HIPAA. The privacy regulations require that affected companies have an individual responsible for ensuring that privacy policies are followed. In large companies that may mean the appointment of a chief privacy officer.
Other stories by Daintry Duffy
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
- Make Compliance Regulations an Ally Not an Enemy
- Protecting Sensitive and Confidential Information with Endpoint Security
- Endpoint Security: Compliance at the Endpoint
- Revolutionizing Endpoint Security with a Single Agent
- Data Protection: Challenges for the Traveling User
- View Gartner Video: Best Practices on Web Application Security
- Unlock the Power of Device ID to Combat Online Fraud and Abuse
- Network Security Services: Outsourcing considerations for maximizing network protection
- File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
- Configuration Assessment: Choosing the Right Solution
- IT Service Management: Metrics That Matter
- Effective Security with a Continuous Approach to ISO 27001
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Executive Seminar on Application Security
-
January 29, 2009New York, New YorkRegister now »
-
February 25, 2009San Francisco, CaliforniaRegister now »
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
