Preface


In the mid 90s, as the Internet and Web gained momentum, it became increasingly obvious that an individual's personal medical information was at risk. With the proliferation of affordable technology and systems networking, health care providers began consolidating personal medical records on networked systems that were accessible to a large number of individuals.

The impetus for the wide consolidation of medical records on networked systems has been to increase the ability to manage the records. In addition, there are treatment advantages to giving the various medical professionals, hospitals, labs, and pharmacies associated with caring for an individual, access to consistent and up-to-date medical information about the patient. Clearly consolidation and accessibility of patient medical information on information technology systems has been well intended.

However, no good deed goes unpunished, and in spite of all the good intentions, if personal medical information falls into the wrong hands, it can have an adverse effect on an individual's treatment plan, job opportunities, personal life, and professional reputation. Therefore, laws were created to control specifically who can access an individual's personal medical information. In considering ways to safeguard an individual's personal privacy, elimination of personal medical information records is not an option. Patients, after all, are paying doctors lots of money to create this data, and deleting it after first use would be counterproductive. The best treatment of medical problems can be provided when substantial information is available about an individual over a period of time, so that health progress can be monitored and measured. Without a doubt, it is the access to medical data that needs to be regulated. As biotechnology becomes more advanced, medical data about individuals will continue to grow by leaps and bounds.

To protect individuals from the risks involved in having their medical information exposed, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996. HIPAA is a law, and non-compliance with HIPAA is a crime. This book presents an implementation guide to organizations responsible for upholding HIPAA laws to help these organizations manage the cumbersome compliance process.

Ultimately, case law will decide what constitutes a HIPAA violation. Preventing litigation associated with HIPAA liabilities is to a great extent an information technology problem. Proper implementation and compliance with HIPAA are what will prevent undue litigation, financial penalties, and liabilities.

This book is the result of a collaborative effort of individuals who brought different professional skill sets to the project and came from different geographic locations. The individuals who volunteered to write this book have skills in safeguarding privacy, information technology management, information security, computer networking, healthcare, medical support systems, and project management. Every contributing author made personal sacrifices, and many worked late into the night and on weekends in order to meet the deadlines. I feel particularly honored to have worked with such a great group of people on this project.

Part I, the introduction and first chapter of this book, provides background information and a history of HIPAA. Part II, which consists of Chapters 2, 3, 4, 5 and 6, presents an overview and the guiding principles of HIPAA. Part III, Chapters 6, 7, 8, and 9, tells you how to get your HIPAA project off the ground. Sometimes getting started is the hardest part of any large project, so we have dedicated an entire section to getting the ball rolling. Part IV, Chapters 10, 11, 12, and 13, focuses on the implementation: getting the job done. To make sure you haven't forgotten anything, Part V, Chapters 14 and 15, includes an audit and compliance section.

If there is something we didn't include that you think we should have, please let us know since there is a good chance we will revise and improve this edition before publishing a 2nd edition. We don't expect our recommendations to be the only good ones. In fact, we're sure that there are many ways to go about a HIPAA project: what we present here is just one of them. Collectively, we believe that the process outlined in this step-by-step guide presents the most important aspects of HIPAA compliance. We hope it works for you, your organizations, and your patients.

Laura Taylor, on behalf of all the other authors who worked to make this book a success

SANS Institute enthusiastically applauds the work of these professionals and their willingness to share the lessons they have learned and the techniques they use.

AUTHORS

  • Julie Baumler
  • Susan Bradley
  • Stephen Brown
  • Barbara Filkins
  • Brian Granier
  • Robert Happy Grenert
  • Chad Gross
  • Wayne Haber
  • Jason Hilling
  • Dave Jahne
  • Ed Mendez
  • Russell Meyer
  • Denis Piliptchouk
  • Olivia Rose
  • Adam Stone
  • Laura Taylor
  • Denise Turner
  • Russell Walker
  • Steve Weil
  • Allen Zhang

EDITOR

  • Stephen Northcutt, SANS Institute

PROJECT LEADER

  • Robert Happy Grenert




HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
Year: 2003
Pages: 181
