Security's Rx for Healthcare Information.

Federal government regulations regarding the security and privacy of electronic medical records are due later this year. While the exact wording has yet to be determined, industry experts agree that when the requirements take effect in 2002, they are likely to place a costly burden on organizations in the healthcare industry.

The changes were mandated in the 1996 Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.

According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ) and will affect how businesses store, transmit, and protect healthcare information.

A Harris poll conducted earlier this year noted that 52 percent of doctors and other medical professionals use the Internet Internet

Publicly accessible computer network connecting many smaller networks from around the world. It grew out of a U.S. Defense Department program called ARPANET (Advanced Research Projects Agency Network), established in 1969 with connections between computers at the to receive lab results, and 28 percent use it to access other patient information. Similar findings were produced in a survey by ePhysician, which concluded that the once technophobic See technophobe. medical industry is embracing all sorts of technology to aid in the delivery of services. At the same time, the California Healthcare Foundation has found that while consumers share a great deal of private medical information with popular health Web sites, their information is not always handled properly.

The goal of the security regulations is to create a uniform level of protection for all personal health information that is electronically transmitted. The regulations will require organizations to implement several policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental for physical storage, maintenance, and access of information. While they do not require that specific technology be used to comply, those organizations already using security technology, such as digital signatures, will be required to certify cer·ti·fy
v. cer·ti·fied, cer·ti·fy·ing, cer·ti·fies

v.tr.
1.
a. To confirm formally as true, accurate, or genuine.

b. that their systems meet standards.

The most contentious part of the anticipated rule is the privacy component, which requires that businesses give individuals notice of the company's information practices, access to their own personal information, and the right to amend it. In addition, medical organizations--insurance companies as well as care providers--must provide the individual with an audit trail of all the disclosures they have made of that patient's specific information. Under the forthcoming regulations, law enforcement would retain its existing right to access private medical information in some circumstances CIRCUMSTANCES, evidence. The particulars which accompany a fact.
2. The facts proved are either possible or impossible, ordinary and probable, or extraordinary and improbable, recent or ancient; they may have happened near us, or afar off; they are public or , a provision strongly opposed by privacy advocates.

As HIPAA regulations go into effect, businesses that fail to change their policies to comply will face civil and criminal penalties. The Joint Commission on Accreditation of Healthcare Organizations Joint Commission on Accreditation of Healthcare Organizations,
n.pr the United States body that accredits healthcare organizations.

Joint Commission on Accreditation of Healthcare Organizations (JCAHO/TJC),
n. has made several resources available to help medical facilities and businesses meet the requirements of the law. Other resources are available through Phoenix Health Systems, which produces an HIPAA alert news service.

COPYRIGHT 2000 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Author:	NEELEY, DEQUENDRE
Publication:	Security Management
Geographic Code:	1USA
Date:	Jul 1, 2000
Words:	399
Previous Article:	Pioneering Security.(Brief Article)
Next Article:	Senate Cyberspace Protection Task Force Inaugurated.
Topics:	Health care industry Laws, regulations and rules Medical care Medical records Laws, regulations and rules

Related Articles
AHT Corporation Launches Nation's First Comprehensive Internet Prescription Management Service.
AHT'S @Rx-TM- Internet Prescription Management Service Provides Physicians Electronic Access to PlanetRx.com.
AHT Corporation to Participate in New drugstore.com Certification Program for Electronic Prescriptions.
AHT Corporation Reports Third-Quarter Results: Projects Significant Revenue Growth for 2000 and 2001.
Women's Health USA To Use AHT'S @Rx Internet Prescription Management Service.
RSK Health Risk Solutions Licenses AHT'S @Rx Internet Prescription Management Service.
AHT Corporation to Benefit From Federal Government Initiative to Reduce Medical Mistakes.
AdvancePCS Issues Statement Re: United Healthcare/AARP Lawsuit.
Clinical information systems hotlist.
AMN Healthcare acquires staffing agency in Denver.(HEALTH CARE)