[ Monday, September 08, 2008 ]


Piedmont and Providence: Feds finally put teeth into HIPAA, according to ComputerWeek. I'm not so sure. So far, nothing's come from Piedmont, except other audits and an attractive government contract for PwC. And Providence was a settlement of a bad (in the sense of being high-profile) data breach, and the penalty amount isn't really enough to scare too many people. Hopefully these news items bring back some needed focus, but I don't really see them as some watershed or sea change (if I can so mix my metaphors).

Jeff [10:30 AM]

I agree with you the fine was only a slap on the wrist, but believe they don’t want to put already financially strapped hospitals out of business. However, it sounds like they may be paying more attention and putting more effort into enforcement. I believe most hospitals have tried very hard to be in HIPAA compliance but there are overlooked areas as far as office device security and fax security. One way to improve data security is to ensure multifunction devices have information technology security certification, using third-party evaluations. Specifically, they need to be fully SYSTEM certified with Common Criteria Certification, as opposed to just having sub-systems, kits, or components certified (http://www.commoncriteriaportal.org/). Hospitals are very heavy fax users, and another way to increase information security is to use the network for secure faxing using “scan to fax” or “e-mail to fax”. Either method provides a complete audit trail from start to finish, prevents interception/tampering, and ensures only authorized users can access the faxes.