DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 32, Issue 3

Full Contents Now Available!

Thursday, 22 November 2007 00:26

Not Just For HIPAA

Written by  Elizabeth M. Ferrarini

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sounded a wakeup call throughout the healthcare industry – patient data is an asset and it needs to be protected. IT departments are now facing the challenge of implementing HIPAA’s three provisions – electronic data exchange of transactions (EDI), privacy, and security. The HIPAA rules are clear for EDI and privacy, but the security rule had not yet been finalized until February. Faced with competing strategic priorities and shrinking budgets, CIOs at healthcare organizations must convince senior management to comply with these evolving rules. CIOs throughout the country often complain about board members and senior executives who are not taking HIPAA seriously. Healthcare executives argue it will take years of case law to clarify what constitutes a HIPAA violation, how to apply sanctions, and how to provide ongoing enforcement. The federal government has few staff to enforce HIPAA currently and the strategy