HIPAA Security Regulations Still Under Discussion

A great deal is being written and discussed with respect to the Health Insurance Portability and Accountability Act's (HIPAA) final privacy regulations that become effective April 14, 2003. Easily forgotten but not to be ignored are HIPAA's proposed security regulations that go hand in hand with the privacy regulations. At this point, however, the security regulations are still in their proposed stage whereas the privacy regulations have become final. Healthcare providers will have 2 years from the effective date of the final HIPAA security regulations to implement a compliance program that focuses on said security regulations. Our recommendation is that now is the time, while you are implementing a privacy compliance program, to simultaneously implement a security compliance program.

The HIPAA proposed security regulations deal with the security and confidentiality of Protected Health Information (PHI). Issues covered include, but are not limited to, password maintenance, incident reporting, as well as addressing viruses and any other software destroyers. Like privacy compliance, security compliance will require training employees, agents and independent contractors on security policies and procedures.

An example of a security situation dealing with protected health information follows. An office manager for a physician's office keeps back-up billing information on her laptop computer. The office manager inadvertently leaves the laptop on her back seat, and thieves break into the car and steal the laptop, along with all of the protected health information of the practice's patients. Potential harm that might arise from this incident: the thieves might try to sell the confidential patient information or, at a minimum, publish the information maliciously.
The medical practice, under such an occurrence, might lose the confidence of its patients if the patients lose their confidence that the medical practice will protect their protected health information. That would be a serious blow to the medical practice's reputation. There may also be HIPAA penalties for the medical practice as well as possible state penalties for breach of patient confidentiality laws. It is not beyond the imagination to also envision the possibility of patient lawsuits over the unauthorized disclosure of protected health information.

The proposed security regulations require developing policies and procedures similar to those required by the privacy regulations; i.e., regulations that help to ensure that protected health information is kept secure.