 |
HIPAA Compliance required as of yesterday |
|
 |
 |
|
 |
 |
As if yesterday, April 14, compliance with the Healthcare Insurance Portability and Accountability Act (HIPAA) privacy regulations is required for most medical entities. The privacy regs, released piecemeal over the past couple years, have massive technical security implications regarding electronic medical data storage and transmission. Although many people mourn the lost of individuals' right to sue for damages resulting from privacy violations found in earlier HIPAA drafts, the final form does impose fines on entities who violate individuals' privacy (if those indvidiuals complain).
A group of health care privacy advocates filed suit in a Pennsylvania district court yesterday alleging the HIPAA privacy requirements in effect rob individuals of their right to approve or deny disclosure of medical information.
The privacy regs provide very generally that covered entities (e.g. health insurance companies, pharmaceutical companies, doctors' offices, hosptials) must have appropriate technical safeguards in place to protect electronically stored information (e.g. medical records, prescription information etc.)on identifiable individuals. The accompanying technical security regulations go into effect on April 21, 2003. The security regs cover (among other things) electronic signatures, electronic data storage, network security, transactions and code sets and security awareness. Compliance with the security regs is not required until April 21, 2005.
|
|
 |
| |
 |
Related Links |
 |
 |
|
 |
 |
Options |
 |
| The comments are owned by the poster. We aren't responsible for their content. |
|
|
|