[ Monday, May 03, 2004 ]
More on Security:
I've been hitting on Security more and more, and with a year to go, some healthcare and MIS folks are now beginning to focus on it in earnest. Here
's something from the AMA news recently that raises some interesting points.
As with Privacy, you've just got to start taking steps to make the journey to (or at least towards) Security compliance. If you haven't started the process of doing a Risk Assessment, you really need to start. It will take some time to understand what you have and how you use it. And it will be more difficult than Privacy: Privacy was methods and operations, and those are the things that providers know about themselves. Doctors know how their offices run, who knows things, and what types of information they need to access and how. What they don't necessarily know is what types of data systems they have, what their vulnerabilities are, and how to secure them. For most covered entities, Privacy is the part of the iceberg you can see, and Security is the underwater part. And you know about icebergs: don't get me started singing Celine Dion songs.
Anyway, check out the links at the bottom of the AMA article; they've got some useful tools geared toward physician practices.
Jeff [9:18 AM]
Blogger: HIPAA Blog - Edit your Template