HIPAA article: Health Insurance privacy compliance lags 1494

  • This article provides an update on HIPAA. Some insurance companies must meet both SOX and HIPAA standards.
    HIPAA article: Health Insurance Privacy Compliance Lags
    place ‘www’ in front of link and paste into your browser
    Current status …
    The good news about privacy and the Health Insurance Portability and Accountability Act is that more than 80 percent of companies involved in health care have technology and processes in place to provide the level of patient-privacy protection required by the 1996 law.
    The bad news? All were supposed to have done so by April 2003.
    More bad news? The percentage hasn’t changed since last summer, meaning about 20 percent of health care companies are ‘unable or unwilling to implement federal privacy requirements,’ according to a twice-yearly survey of health care payers and providers conducted by Phoenix Health Systems and Healthcare Information and Management Systems Society, or HIMSS.
    Some key issues that sometimes parallel what we see in meeting SOX compliancy …
    The problem is that HIPAA rules are often vague and technology is developing so quickly that it’s often hard to decide whether flash drives, hot-site disaster recovery, and other specific storage and file management technologies are covered or satisfy the rules.
    ‘The regulations didn’t have much precision,’ said Gillespie. ‘They were very general in a lot of cases. Regulatory statements said something about the requirements but didn’t come out and say what technology was involved. We went through the regulation sections for more than a year to interpret those regulations into technology solutions that seemed to work and meet the regulations too.’

Log in to reply