| HIPAA--a real world perspective. | |
| | |
MedLine Citation:
|
PMID: 11302064 Owner: NLM Status: MEDLINE |
Abstract/OtherAbstract:
|
An effective and realistic approach to HIPAA compliance requires healthcare organizations to achieve a fundamental shift in attitude, awareness, habits and capabilities in the areas of privacy and security. They must create a sense of accountability among staff, and even patients, for the safeguarding of patient information. Only when this culture shift has occurred, along with the required technological advancements, can HIPAA compliance be realistically achieved. There is still ample time to create the organizational shift necessary, along with technological enhancements, to meet HIPAA requirements. Beyond compliance, HIPAA will benefit the healthcare industry by promoting administrative simplification--the original intention of the Act. And it will require the healthcare industry, in an abbreviated timeframe, to upgrade its level of sophistication in managing information. HIPAA certification springs from an organizational compliance method that has been underway in government for the past two decades. The HIPAA playbook is taken lock, stock and barrel from other Federal guidelines. HIPAA's legislative lineage includes the Healthcare Reform Act of 1993, Paperwork Reduction Act of 1980, Computer Security Act of 1987 and the Privacy Act of 1974. HIPAA means that public and private sector healthcare organizations are going to be required by law to adopt the same information-handling practices that have been in effect in the Federal government for years. That boils down to two things: Standardized formatting of data electronically exchanged between providers, payers and business partners (EDI) Federalization of security and privacy practices within private-sector healthcare information management The key to making HIPAA compliance achievable within a practical timeframe, as well as instituting the culture changes that go with enhanced privacy and security standards, is a process that is largely unfamiliar in the private sector, called administrative certification and accreditation. Certification is an organizational change-management methodology that drives accountability for security down to that level in the organization where it will concretely and tangibly get done. It is a comprehensive managerial assessment of the technical and non-technical security features and other safeguards of a system associated with its use and environment. The assessment seeks to establish and document the extent to which a particular system meets a set of specified security requirements. HIPAA accreditation occurs when all functional managers in an organization have completed reports of what they know they need to do in their areas. They submit that information to an executive official within the organization who functions as the accrediting official for the organization. Accreditation is the formal declaration that an information system is approved to operate in a particular security mode using a prescribed set of safeguards and should be strongly based on the solvable vulnerabilities and residual risks identified during certification. Institutionalizing a practical and formal HIPAA certification program is important to support business activities and can provide several benefits including increased communication within an organization. |
| | |
Authors:
|
C Nulan |
Related Documents
:
|
11899724 - "must-know" legal issues for healthcare cfos. 14513744 - Corporate culture: the missing piece of the healthcare puzzle. 10119714 - The balanced scorecard--measures that drive performance. 10122434 - Strategic planning as used by chief executive officers. 9438924 - Caring for the older patient, part iv: the value of nuclear medicine in meeting the nee... 21029274 - Most like it but some don't - attitudes of vocational trainees in general practice towa... |
Publication Detail:
|
Type: Comparative Study; Journal Article |
Journal Detail:
|
Title: Radiology management Volume: 23 ISSN: 0198-7097 ISO Abbreviation: Radiol Manage Publication Date: 2001 Mar-Apr |
Date Detail:
|
Created Date: 2001-04-13 Completed Date: 2001-05-24 Revised Date: 2006-11-15 |
Medline Journal Info:
|
Nlm Unique ID: 8001971 Medline TA: Radiol Manage Country: United States |
Other Details:
|
Languages: eng Pagination: 29-37; quiz 38-40 Citation Subset: H |
Affiliation:
|
Cerner Corporation, Kansas City, Mo., USA. cnulan@cerner.com |
Export Citation:
|
APA/MLA Format Download EndNote Download BibTex |
| MeSH Terms | |
Descriptor/Qualifier:
|
Accreditation Certification Computer Security / legislation & jurisprudence* Confidentiality / legislation & jurisprudence* Documentation Guideline Adherence Health Insurance Portability and Accountability Act* Humans Management Information Systems / legislation & jurisprudence, standards* Private Sector Public Sector Social Responsibility United States |
From MEDLINE®/PubMed®, a database of the U.S. National Library of Medicine
Previous Document: Radiology report production times: voice recognition vs. transcription.
Next Document: Embracing cultural diversity.